Windows Server core: -
Windows Server Core is a minimal installation option for Windows Server. It has a small footprint, which means a smaller attack surface. There is no GUI in Server Core, and many Windows features are not supported in it. Server Core is more stable because fewer updates need to be installed, and it requires less memory, CPU and disk space to run.
Server Core doesn't include the following GUI shell packages: -
Microsoft-Windows-Server-Shell-Package
Microsoft-Windows-Server-Gui-Mgmt-Package
Microsoft-Windows-Server-Gui-RSAT-Package
Microsoft-Windows-Cortana-PAL-Desktop-Package
Here is the list of roles and features which are available in Server Core: -
https://docs.microsoft.com/en-us/windows-server/administration/server-core/server-core-roles-and-services
List of roles and features which are not included in Server Core: -
https://docs.microsoft.com/en-us/windows-server/administration/server-core/server-core-removed-roles
Server core installation: -
Installation of Server Core is straightforward.
Boot using the Windows Server ISO file.
In the Setup wizard select Windows Server 2019 Standard or Datacenter (without Desktop Experience).
Select the drive.
The installation process will start, and it will take some time to get Windows Server ready.
After installation you will be prompted to change the Administrator password. You must provide a complex password, otherwise it will keep asking you to change the Administrator password.
After the password change, the server installation process completes.
Server Core Configuration: -
After completing installation, you must configure the server, e.g. renaming the server, network configuration, domain joining etc.
There are many ways of doing it. You can use PowerShell or the sconfig command to configure basic server settings.
If you use sconfig, which is the easiest way, you will get 15 options. By default Windows provides a command prompt after installation. You can change it to PowerShell.
To use sconfig just type sconfig in the command window.
To change the computer name, select option 2. After changing the computer name, you have to reboot the server so the setting can take effect.
To get the server domain joined, select option 1. It will ask for the name of the domain you want to join on your network and for credentials, so you can add the computer to AD.
To add a local administrator, select option 3.
You can select other options based on your requirements.
One main setting is the network setting. You can select option 8 (network setting) to configure network settings like IP address, subnet, gateway and DNS servers.
Apart from sconfig you can use PowerShell to change these settings.
Here are a few important PowerShell commands which you can use.
To rename the computer, use Rename-Computer
To change the IP address, use New-NetIPAddress
E.g.
New-NetIPaddress -InterfaceIndex 12 -IPAddress 192.168.100.1 -PrefixLength 24 -DefaultGateway 192.168.100.2
To set DNS servers: -
Set-DNSClientServerAddress -InterfaceIndex 12 -ServerAddresses 192.0.2.4,192.0.2.5
To check the configuration, use Get-NetIPInterface
To check if IPv6 is enabled on a NIC use
Get-NetAdapterBinding -ComponentID ms_tcpip6
To Disable IPv6 use
Disable-NetAdapterBinding -Name "Adapter Name" -ComponentID ms_tcpip6
To re-enable it use
Enable-NetAdapterBinding -Name "Adapter Name" -ComponentID ms_tcpip6
To join a domain or a specific workgroup: -
PowerShell: - Use Add-Computer
Note: - If you are not sure how to use a PowerShell command, always use the Get-Help command. You can provide the -Examples switch, which also helps you understand how to use the command with correct syntax.
To add a domain account to the local Administrators group you can use
net localgroup administrators /add \
Server activation: -
Again, you can use sconfig or the Windows built-in slmgr VBScript to activate your Windows.
In sconfig you have to select option 11, and with slmgr use the command below
cscript windows\system32\slmgr.vbs
:-ato
Managing Windows Server core: -
There are many methods to manage Server Core. Here is a list of a few: -
Windows Admin Center
RSAT Tools
Windows PowerShell
Server Manager
MMC Snap-In
RDP
Run Multiple CMD or PowerShell windows: -
By default, only one command prompt or PowerShell window opens in Server Core.
I found a way to open multiple CMD or PowerShell windows. I used taskmgr, which opens Task Manager, and from there I go to File and run a new task. In the window, type PowerShell or cmd, which opens a new window. By doing this you can have multiple windows.
To enable your local server to be managed by Server Manager running on a remote server, you must enable smremoting. Run the PowerShell command below to enable it on Server Core: -
Configure-SMRemoting.exe -Enable
You can also use MMC snap-ins to manage Server Core remotely. An MMC snap-in such as Computer Management allows you to manage Server Core remotely. For a domain-joined computer it works without any extra effort, but a non-domain-joined server needs some additional steps. You need alternate credentials so you can access the server remotely. Use the command below to provide alternate credentials for the remote server, and then you can manage Server Core through MMC.
cmdkey /add: /user: /pass:
If you want to be prompted for a password, omit the /pass option.
You must also allow remote management through Windows Firewall on Server Core, so you can use remote management tools to manage it remotely.
To check the status of the Windows Remote Management group run below: -
Get-NetFirewallRule -DisplayGroup "Windows Remote Management" | ft displaygroup, action
It will show you whether the remote management group rules are allowed or not. If not, then run below: -
Get-NetFirewallRule -DisplayGroup 'Windows Remote Management' | Enable-NetFirewallRule
To disable it again run below
Get-NetFirewallRule -DisplayGroup 'Windows Remote Management' | Disable-NetFirewallRule
You can configure firewall rules on per profile basis as well.
To Check what rules are associated with profile run below: -
Get-NetFirewallProfile -Name Public | Get-NetFirewallRule
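To disable the firewall profiles run below (without -Name, Get-NetFirewallProfile returns the Domain, Private and Public profiles, so this turns the firewall off for all of them): -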
get-netfirewallprofile | set-netfirewallprofile -enabled $false
There are many rule groups for different tasks. You can enable firewall rules for these rule groups.
Here are a few: -
MMC snap-in | Rule group
Event Viewer | Remote Event Log Management
Services | Remote Service Management
Shared Folders | File and Printer Sharing
Task Scheduler | Performance Logs and Alerts, File and Printer Sharing
Disk Management | Remote Volume Management
Windows Firewall and Advanced Security | Windows Firewall Remote Management
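An added example (not part of the original article) that reports, for each rule group named above, how many inbound rules are enabled on each firewall profile, so you can see what is reachable before and after enabling a group. The function names are hypothetical; a group name that does not exist on your build is reported rather than treated as an error.

```powershell
# Rule groups taken from the table and commands above.
$RuleGroups = @(
    'Windows Remote Management'
    'Remote Event Log Management'
    'Remote Service Management'
    'File and Printer Sharing'
    'Performance Logs and Alerts'
    'Remote Volume Management'
    'Windows Firewall Remote Management'
)

function Get-RemoteMgmtExposure {
    param([string[]]$DisplayGroup = $RuleGroups)
    foreach ($group in $DisplayGroup) {
        $rules = Get-NetFirewallRule -DisplayGroup $group -ErrorAction SilentlyContinue |
                 Where-Object Direction -eq 'Inbound'
        if (-not $rules) {
            # Display-group names can differ between Windows builds.
            [pscustomobject]@{ Group = $group; Profile = '-'; Enabled = 0
                               Total = 0; Note = 'group not found' }
            continue
        }
        foreach ($set in ($rules | Group-Object Profile)) {
            # Enabled is an enum (True/False), so compare by name, not truthiness.
            $on = @($set.Group | Where-Object { $_.Enabled -eq 'True' }).Count
            [pscustomobject]@{
                Group   = $group
                Profile = $set.Name
                Enabled = $on
                Total   = $set.Count
                Note    = if ($on -and $set.Name -match 'Public|Any') {
                              'open on Public profile' } else { '' }
            }
        }
    }
}

# Enable a group only for the rules that are scoped to the Domain profile alone.
function Enable-RemoteMgmtOnDomain {
    param([Parameter(Mandatory)][string]$DisplayGroup)
    Get-NetFirewallRule -DisplayGroup $DisplayGroup |
        Where-Object { $_.Direction -eq 'Inbound' -and "$($_.Profile)" -eq 'Domain' } |
        Enable-NetFirewallRule
}

Get-RemoteMgmtExposure | Format-Table -AutoSize
```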
You can also manage Server Core through Remote Desktop. To enable Remote Desktop on Server Core run below: -
cscript C:\Windows\System32\Scregedit.wsf /ar 0
Hardware installation and Driver installation: -
Most hardware is plug and play. Hardware also comes with installation instructions from the hardware vendor.
Here are the manual steps for hardware drivers which are not plug and play.
You must download the driver for the hardware which you intend to install on the server. Copy the driver to the server and run the command below
Pnputil -I -a
Here driverinf is the .inf file for the driver
To check which drivers are installed on the server run below (from PowerShell type sc.exe, because sc is an alias for Set-Content): -
sc query type= driver
To disable a device driver run below: -
Sc delete
Here service name is the name of the service which you get by running sc query type= driver
Making powershell default option on server core: -
By default, when you log in on Server Core you get a command prompt to work in. But most of the time you work with PowerShell. To make PowerShell the default you can modify the registry.
Here are steps: -
$path='HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
Set-ItemProperty -path $path -Name Shell -value 'Powershell.exe -noexit'
Configure memory dump on server core: -
Here are steps to configure memory dump on server core: -
Step 1: Disable the automatic system page file management
The first step is to manually configure your system failure and recovery options. We must disable the automatically managed page file option. To do this run the following: -
wmic computersystem set AutomaticManagedPagefile=False
Step 2: Configure the destination path for a memory dump
It is recommended to have the page file on the partition where the OS is installed. To put the page file on another partition we need to modify a registry value. Here are the steps to configure the registry: -
Open the command prompt and type regedit. It will open registry editor
Locate and then click the following registry subkey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CrashControl
Click Edit > New > String Value
Name the new value DedicatedDumpFile, and then press ENTER
Right-click DedicatedDumpFile, and then click Modify.
In Value data type :\, and then click OK. For e.g. E:\dumpfile.dmp
Click Edit > New > DWORD Value.
Type DumpFileSize, and then press ENTER
Right-click DumpFileSize, and then click Modify.
In Edit DWORD Value, under Base, click Decimal.
In Value data, type the appropriate value, and then click OK. The size of the dump file is in megabytes (MB).
Exit the Registry Editor.
To view the current destination path for the page file, run the following command:
wmic RECOVEROS get DebugFilePath
The default destination for DebugFilePath is %systemroot%\memory.dmp. To change the current destination path, run the following command:
wmic RECOVEROS set DebugFilePath =
Set it to the destination path. For example, the following command sets the memory dump destination path to C:\WINDOWS\MEMORY.DMP:
wmic RECOVEROS set DebugFilePath = C:\WINDOWS\MEMORY.DMP
Step 3: Set the type of memory dump
Determine the type of memory dump to configure for your server. To view the current memory dump type, run the following command:
wmic RECOVEROS get DebugInfoType
To change the current memory dump type, run the following command:
wmic RECOVEROS set DebugInfoType =
The value can be 0, 1, 2, or 3, as defined below.
0: Disable the removal of a memory dump.
1: Full memory dump. Records all the contents of system memory when your computer stops unexpectedly. A full memory dump may contain data from processes that were running when the memory dump was collected.
2: Kernel memory dump (default). Records only the kernel memory. This speeds up the process of recording information in a log file when your computer stops unexpectedly.
3: Small memory dump. Records the smallest set of useful information that may help identify why your computer stopped unexpectedly.
7: Automatic memory dump. This is new in Windows 10 and the new family of Windows Server.
Step 4: Configure the server to restart automatically after generating a memory dump
By default, the server automatically restarts after it generates a memory dump. To view the current configuration, run the following command:
wmic RECOVEROS get AutoReboot
If the value for AutoReboot is TRUE, the server will restart automatically after generating a memory dump. No configuration is needed and you can proceed to the next step.
If the value for AutoReboot is FALSE, the server will not restart automatically. Run the following command to change the value:
wmic RECOVEROS set AutoReboot = true
Step 5: Configure the server to overwrite the existing memory dump file
By default, the server overwrites the existing memory dump file when a new one is created. To determine if existing memory dump files are already configured to be overwritten, run the following command:
wmic RECOVEROS get OverwriteExistingDebugFile
If the value is 1, the server will overwrite the existing memory dump file. No configuration is needed, and you can proceed to the next step.
If the value is 0, the server won't overwrite the existing memory dump file. Run the following command to change the value:
wmic RECOVEROS set OverwriteExistingDebugFile = 1
Step 6: Set an administrative alert
Determine whether an administrative alert is appropriate and set SendAdminAlert accordingly. To view the current value for SendAdminAlert, run the following command:
wmic RECOVEROS get SendAdminAlert
The possible values for SendAdminAlert are TRUE or FALSE. To modify the existing SendAdminAlert value to true, run the following command:
wmic RECOVEROS set SendAdminAlert = true
Step 7: Set the memory dump's page file size
To check the current page file settings, run one of the following commands:
wmic.exe pagefile
or
wmic.exe pagefile list /format:list
Run the following command to configure the initial and maximum sizes of your page file:
E.g.
wmic pagefileset where name="c:\pagefile.sys" set InitialSize=1000,MaximumSize=5000
Step 8: Configure the server to generate a manual memory dump
You can manually generate a memory dump by using a PS/2 keyboard. This feature is disabled by default, and it is not available for Universal Serial Bus (USB) keyboards.
To enable manual memory dumps by using a PS/2 keyboard, run the following command:
reg add HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\i8042prt\Parameters /v CrashOnCtrlScroll /t REG_DWORD /d 1 /f
To determine if the feature has been enabled properly, run the following command:
reg query HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\i8042prt\Parameters /v CrashOnCtrlScroll
You must restart the server for the changes to take effect. You can restart the server by running the following command:
shutdown /r /t 0
You can generate manual memory dumps with a PS/2 keyboard that is connected to your server by holding the RIGHT CTRL key while pressing the SCROLL LOCK key two times. This makes the computer bug check with error code 0xE2.
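An added example (not part of the original article) that reads back the settings from Steps 1 to 8 in one object, using the CIM class behind the wmic RECOVEROS alias, and lists accounts other than SYSTEM and Administrators that can read an existing dump file. The function name is hypothetical, and the account-name match assumes an English-language system.

```powershell
function Get-CrashDumpConfig {
    $rec = Get-CimInstance -ClassName Win32_OSRecoveryConfiguration
    $cs  = Get-CimInstance -ClassName Win32_ComputerSystem
    $cc  = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\CrashControl'
    $kbd = Get-ItemProperty -ErrorAction SilentlyContinue `
           -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\i8042prt\Parameters'

    # Names for the DebugInfoType values described in Step 3.
    $typeName = @{ 1 = 'Full'; 2 = 'Kernel'; 3 = 'Small'; 7 = 'Automatic' }
    $type     = [int]$rec.DebugInfoType
    $dumpPath = [Environment]::ExpandEnvironmentVariables($rec.DebugFilePath)

    # A dump can hold data from running processes, so check who can read it.
    $otherReaders = @()
    if (Test-Path -LiteralPath $dumpPath) {
        $otherReaders = @((Get-Acl -LiteralPath $dumpPath).Access |
            Where-Object { $_.AccessControlType -eq 'Allow' -and
                           $_.IdentityReference -notmatch 'SYSTEM$|\\Administrators$' } |
            ForEach-Object { "$($_.IdentityReference)" })
    }

    [pscustomobject]@{
        AutomaticManagedPagefile   = $cs.AutomaticManagedPagefile      # Step 1
        DedicatedDumpFile          = $cc.DedicatedDumpFile             # Step 2 (empty if unset)
        DumpFileSizeMB             = $cc.DumpFileSize
        DebugFilePath              = $dumpPath
        DebugInfoType              = $type                             # Step 3
        DebugInfoTypeName          = $typeName[$type]
        AutoReboot                 = $rec.AutoReboot                   # Step 4
        OverwriteExistingDebugFile = $rec.OverwriteExistingDebugFile   # Step 5
        SendAdminAlert             = $rec.SendAdminAlert               # Step 6
        CrashOnCtrlScroll          = $kbd.CrashOnCtrlScroll            # Step 8
        DumpFileExists             = (Test-Path -LiteralPath $dumpPath)
        OtherAccountsWithAccess    = $otherReaders
    }
}

Get-CrashDumpConfig | Format-List
```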
Roles and feature on Server core: -
Another important task on a server is installing Windows Server roles and features.
Get-WindowsFeature, Install-WindowsFeature and Uninstall-WindowsFeature are the major commands to manage roles and features on Windows Server Core.
Here are few examples of these commands:
To get installed roles and feature run below:
get-windowsfeature
get-windowsfeature | where-object{$_.installed -eq $true}
get-windowsfeature | where installed -EQ $true
get-windowsfeature *framework*
To Install .net framework using side by side folder
install-windowsfeature net-framework-core -source D:\Sources\sxs
To Uninstall .net framework
uninstall-windowsfeature net-framework-core
Check if it is removed.
get-windowsfeature *framework*
To restart Computer forcefully
restart-computer -force
To remove binaries as well
When you uninstall a Windows feature or role, its binaries are not removed by default. These unnecessary binaries can take a lot of space. So, if you want to remove these binaries as well, use the -Remove switch.
uninstall-windowsfeature net-framework-core -remove
Downloading from internet: -
To download files from internet you can use bits transfer in server core.
Here are few examples: -
To download a file from internet.
start-bitstransfer -source "Download link" -destination C:\
To check status
get-bitstransfer
To suspend a download
get-bitstransfer | suspend-bitstransfer
To resume a suspended download
get-bitstransfer | resume-bitstransfer
Working with Services: -
Another important task for Windows administrators is managing services. Here are a few examples of managing services on Server Core
How to list services
PowerShell Command:
Get-service | Format-table -autosize
How to view a single service
Get-service | where name -eq BITS |Format-list
How to start a single service
Start-Service -name BITS
How to stop a service
Stop-Service -name BITS
How to view a service startup type
Get-wmiobject win32_service | where Name -eq bits
How to change the Service Startup Type
Set-Service -name bits -StartupType Automatic
Working with Disk and Volumes: -
To manage disks, we can use get-disk and get-volume commands on server core.
To check available disk
Get-disk
To check volume
Get-Volume
To Install New Disk follow these: -
Check available Disk
Get-Disk
To Initialize a disk
get-disk 0 | initialize-disk
Note: - Here 0 is disk number
After initialization disk will show online.
Create partition
get-disk 0 | new-partition -size 5GB
If you want to assign full space on new partition of disk, then use
get-disk 0 | new-partition -usemaximumsize
To Format new Disk
get-partition -disknumber 0 -partitionnumber 2 | format-volume -filesystem ntfs
To Assign a drive letter
get-partition -disknumber 0 -partitionnumber 2 | set-partition -newdriveletter F
Patch Server core: -
To View Installed update you can use
Get-hotfix or
Systeminfo.exe or
Wmic qfe list
Patch Server Core automatically with Windows Update
Verify the current Windows Update setting:
%systemroot%\system32\Cscript %systemroot%\system32\scregedit.wsf /AU /v
To enable automatic updates:
Net stop wuauserv
%systemroot%\system32\Cscript %systemroot%\system32\scregedit.wsf /AU 4
Net start wuauserv
To disable automatic updates, run:
Net stop wuauserv
%systemroot%\system32\Cscript %systemroot%\system32\scregedit.wsf /AU 1
Net start wuauserv
To force Windows Update to immediately detect and install any available updates
Wuauclt /detectnow
Patch the server manually
Download the update and make it available to the Server Core installation
Wusa .msu /quiet
Without Server Restart
wusa path /quiet /norestart
To uninstall an update manually, run the following command:
Wusa /uninstall .msu /quiet
To Uninstall specific KB
wusa /uninstall /kb:4295699 /norestart /quiet
You can also use sconfig to manage update settings.
Options 5 and 6 in sconfig are there to manage updates on Server Core.
Note: - To download a patch from internet use bits transfer commands.
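An added example (not part of the original article) that combines the BITS download and the manual wusa install described above, and checks the package's Authenticode signature before installing it. The function name and the default destination file name are hypothetical, and the download link is whatever URL you obtained for the update.

```powershell
function Install-VerifiedUpdate {
    param(
        [Parameter(Mandatory)]
        [ValidatePattern('^https://')]           # refuse plain-HTTP sources
        [string]$Uri,
        [string]$Destination = (Join-Path $env:TEMP 'update.msu')
    )

    # Start-BitsTransfer waits for completion unless -Asynchronous is given.
    Start-BitsTransfer -Source $Uri -Destination $Destination

    # Check the embedded signature before handing the file to wusa.
    $sig    = Get-AuthenticodeSignature -FilePath $Destination
    $signer = $sig.SignerCertificate.Subject     # $null when the file is unsigned
    if ($sig.Status -ne 'Valid' -or $signer -notmatch 'O=Microsoft Corporation') {
        Remove-Item -LiteralPath $Destination -Force
        throw "Not installing: signature status '$($sig.Status)', signer '$signer'"
    }

    # Record the hash so the installed package can be matched to the download later.
    $hash = (Get-FileHash -LiteralPath $Destination -Algorithm SHA256).Hash

    $proc = Start-Process -FilePath wusa.exe -Wait -PassThru `
            -ArgumentList "`"$Destination`"", '/quiet', '/norestart'

    [pscustomobject]@{
        File           = $Destination
        SHA256         = $hash
        Signer         = $signer
        ExitCode       = $proc.ExitCode
        Installed      = ($proc.ExitCode -in 0, 3010)
        RebootRequired = ($proc.ExitCode -eq 3010)   # 3010 = success, restart needed
    }
}

# Usage: Install-VerifiedUpdate -Uri '<download link for the .msu>'
```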
Working with Files: -
To get all available commands for Item and Content, which are used to manage files and file contents
get-command *-item*
get-command *-Content*
To get all items within a directory
get-childitem
To Create new Directory
new-item -itemtype directory -name test -path .\
To Create new file and putting value in that file
new-item -itemtype file -name hello.txt -value "hello world" -path .\test
To get Content of file
get-content -path .\test\hello.txt
To remove item
remove-item -path .\test
To remove all items within a directory
remove-item -path .\test -recurse