Initial Configuration

  • Article

The initial steps you'll need to perform on a Server Core installation will depend somewhat on your intended use of the installation, but we think that the following ones are the most obvious:

  • Set a fixed IP address.
  • Change the server name to match your internal standards.
  • Join the server to a domain.
  • Change the default resolution of the console.
  • Enable remote management through Windows Firewall.
  • Enable remote desktop.
  • Activate the server.

We'll walk through these steps for you, and leave you with a couple of basic scripts that you can modify to automate these tasks for your environment. Table 9-1 contains the settings we'll be using during this install scenario.

Table 9-1 Settings for Initial Server Core Configuration (Example)

Dd163521.table_C09625051_1(en-us,TechNet.10).png

Set IP Address

To set the IP address for the server, you need to use the netsh command-line tool. Follow these steps to configure TCP/IP:

  1. From the command window, use netsh to get the "name" (index number) of the network card.

    netsh interface ipv4 show interfaces

  2. The result will be something like the following:

    C:\Users\administrator>netsh interface ipv4 show interfaces 

Idx  Met   MTU   State        Name 
---  ---  -----  -----------  ------------------- 
  2   10   1500  connected    Local Area Connection 
  1   50 4294967295  connected    Loopback Pseudo-Interface 1

    The Idx value for your real network card (2, in this case) will be used as the name value in future commands for netsh.

  3. Now, using the Idx value from step 2, run the following netsh command:

    netsh interface ipv4 set address name="<Idx>" source=static 
    address=<IP Address> mask=<netmask> 
    gateway=<IP Address of default gateway>

    Note The netsh lines above, and in examples below, are actually one long command line, but we had to break them (and indent subsequent lines) because of the limitations of the printed page. And it's not just netsh that is a problem—most of the commands you end up having to use with Server Core are long and will be artificially broken in this chapter.

  4. Next, specify the DNS server for the adapter, using netsh again:

    netsh interface ipv4 add dnsserver name="<Idx>"  
   address=<IP Address of DNS Server> index=1

  5. For secondary DNS servers, repeat the command in step 4, increasing the index value by one each time.

Renaming the Server and Joining to a Domain

The next step in initial configuration is assigning the name of the server and joining it to a domain. During initial installation of Windows Server 2008, an automatically generated name is assigned to the server and the server is placed in the WORKGROUP workgroup. You'll want to change this to align the computer name with your corporate naming policy and join the server to the correct domain and Organizational Unit. Our naming policy here has three parts: the model of server, the functional role, and a number reflecting its IP address. Thus the Server Core computer we're building in this chapter is named hp350-core-04: it's a Hewlett Packard ML 350 G5 server, it is running Server Core, and the final octet of its IP address is four. Your server naming convention will undoubtedly be different, but the important thing is to be consistent. Our domain for this book is example.local.

To change the name of the server and join it to the example.local domain, follow these steps:

  1. From the command prompt, use the netdom command to change the name of the server:

    netdom renamecomputer %COMPUTERNAME% /newname:<newname>

  2. After you change the name, you must reboot the server.

    shutdown /t 0 /r

  3. After the server restarts, log on to the Administrator account.

  4. Use the netdom command again to join the domain.

    netdom join %COMPUTERNAME% /DOMAIN:<domainname>  
   /userd:<domain admin account> /password:*

  5. You'll be prompted for the password for the domain administrative account you used. Enter the password. When the domain join has succeeded, you'll again need to reboot the server.

    shutdown /t 0 /r

  6. After the server restarts, log back on to a domain administrator's account. (You'll need to click Change User because the server will default to the local administrator account.)

Under the Hood Scripting Initial Configuration

If you set up more than one or two Server Core computers, you'll quickly get tired of doing all this interactively from the command prompt. We know we did. You have the choice of either using an unattend.xml file to set options during the install or using simple scripts to automate the process. Both work, and both have their adherents, but we tend to use scripts after the fact. You can modify the following three scripts (which you'll also find on the companion CD) for your environment to automate the initial TCP/IP, server name, and domain join steps. The first script sets the IP address, sets the DNS server, and changes the server name.

echo off 
REM filename: initsetup1.cmd 
REM 
REM initial setup for a Server 2008 Server Core installation.  
REM command file 1 of 3 
REM 
REM Created: 4 September, 2007 
REM ModHist: 5/9/07 - switched to variables (cpr) 
REM 
REM Copyright 2007 Charlie Russel and Sharon Crawford. All rights reserved. 
REM   You may freely use this script in your own environment, modifying it 
REM   to meet your needs. But you may not re-publish it without permission.  
 
REM first, set a fixed IP address. You'll need to know the index number 
REM of the interface you're setting, but in a default Server Core install,  
REM with only a single NIC, the index should be 2. To find the index,  
REM you can run: 
REM      netsh interface ipv4 show interfaces 
REM  
 
SETLOCAL 
REM Change the values below to match your needs 
SET IPADD=192.168.51.4 
SET IPMASK=255.255.255.0 
SET IPGW=192.168.51.1 
SET DNS1=192.168.51.2 
SET NEWNAME=hp350-core-04 
 
netsh interface ipv4 set address name="2" source=static  
   address=%IPADD% mask=%IPMASK% gateway=%IPGW% 
 
REM Next, set DNS to point to DNS server for example.local. 
REM   192.168.51.2 in this case 
netsh interface ipv4 add dnsserver name="2" address=%DNS1% index=1 
 
REM Now, we need to change the computer name. After we're done, the server  
REM must be restarted, and we can continue with the next batch of commands.  
REM we use the /force command here to avoid prompts 
netdom renamecomputer %COMPUTERNAME% /newname:%NEWNAME% /force 
 
@echo If everything looks OK, the it's time to reboot 
pause 
REM now, shutdown and reboot. No need to wait.  
shutdown /t 0 /r

The second script we use is to actually join the server to the domain.

@echo off 
REM Filename: initsetup2.cmd 
REM 
REM initial setup for a Server 2008 Server Core installation.  
REM command file 2 of 3 
REM 
REM Created: 4 September, 2007 
REM ModHist:  
REM 
REM Copyright 2007 Charlie Russel and Sharon Crawford. All rights reserved. 
REM   You may freely use this script in your own environment, modifying it  
REM   to meet your needs. But you may not re-publish it without permission.  
 
SETLOCAL 
SET DOMAIN=example.local 
SET DOMADMIN=Administrator 
 
REM Join the domain using the netdom join command. Prompts for password 
REM of domain administrator account set above  
 
netdom join %COMPUTERNAME% /DOMAIN:%DOMAIN% /userd:%DOMADMIN% /password:*  
 
REM now, shutdown and reboot. No need to wait, and that's all we can do  
REM at this time 
 
shutdown /t 0 /r

Finally, use the third script to enable remote management and activate the server.

echo off 
REM initsetup3.cmd 
REM 
REM initial setup for a Server 2008 Server Core installation.  
REM command file 3 of 3 
REM 
REM Created: 4 September, 2007 
REM ModHist:  
REM 
REM Copyright 2007 Charlie Russel and Sharon Crawford. All rights reserved. 
REM   You may freely use this script in your own environment, modifying it  
REM   to meet your needs. But you may not re-publish it without permission.  
 
REM Use netsh to enable remote management through the firewall for the  
REM domain profile. This is the minimum to allow using remote MMCs to work 
REM from other computers in the domain.  
 
netsh advfirewall set domainprofile settings remotemanagement enable  
 
REM allow remote administration group 
netsh advfirewall firewall set rule group="Remote Administration" new
    enable=yes 
 
REM Allow remote desktop  
REM (also works with group="Remote Desktop" instead of name=) 
netsh advfirewall firewall set rule name="Remote Desktop (TCP-In)" new
    enable=yes 
 
REM Enable Remote Desktop for Administration, and allow  
REM downlevel clients to connect 
cscript %windir%\system32\scregedit.wsf /AR 0 
cscript %windir%\system32\scregedit.wsf /CS 0 
 
REM Now, run the activation script 
REM No output means it worked 
Slmgr.vbs -ato

Setting Desktop Display Resolution

To set the display resolution for the Server Core desktop, you need to manually edit the registry. We'd give you a script to do it, but it is dependent on correctly identifying the specific GUID for your display adapter. Not something we want to automate. So, to change the resolution on your Server Core desktop, follow these steps:

  1. Open regedit.

  2. Navigate to HKLM\System\CurrentControlSet\Control\Video.

  3. One or more GUIDs is listed under Video. Select the one that corresponds to your video card. Hint: They each have a device description under the 0000 key that can sometimes help.

  4. Under the GUID for your video card select the 0000 key, and add a DWORD DefaultSettings.XResolution. Edit the value to the X axis resolution you want. For a width of 1024 pixels, use 400 hexadecimal, as shown in Figure 9-3.

    Dd163521.figure_C09625051_3(en-us,TechNet.10).png

    Figure 9-3 Editing the display resolution value for the X axis

  5. Add a DWORD DefaultSettings.YResolution. For height of 768 pixels, use 300 hexadecimal.

    Note In some cases, these keys will already exist. If they do, you can simply change their value as necessary.

  6. Exit the registry editor and log off using the following:

    shutdown /l

  7. Once you log back on, the new display settings will take effect.

Enabling Remote Management

To allow access to the familiar graphical administration tools, you need to enable them to work through Windows Firewall. This requires another set of netsh commands. Use the following steps to enable remote administration and Remote Desktop:

  1. From the command prompt, use the netsh command to enable remote management:

    netsh advfirewall set domainprofile settings remotemanagement enable

  2. Now, enable the Remote Administration group of firewall rules.

    netsh advfirewall firewall set rule group="Remote Administration" new
    enable=yes

  3. Finally, life is easier when you can connect using remote desktop, so let's enable that, too:

    netsh advfirewall firewall set rule name="Remote Desktop (TCP-In)" new
    enable=yes

You should now be able to do additional management using familiar graphical tools from another server but connecting to the Server Core computer.

Activating the Server

The final step in basic configuration of the Server Core computer is to activate it. This requires using a Visual Basic script, which is provided. Use the following command:

Slmgr.vbs -ato

Note All the basic initial setup commands for Server Core are included in the three scripts described in the Under The Hood sidebar, and are also available on the CD that comes with the book.

Installing Roles

Windows Server 2008 Core doesn't support all the possible roles and features of the full graphical Windows Server, but it does support the most important infrastructure roles. We think one of the most compelling scenarios for Server Core is as a remote site server to enable basic functionality at a remote site where there isn't anyone on site to administer it. By combining the DHCP Server, DNS Server, File Services, and Print Services roles with a read-only Active Directory Domain Services role, you have a "branch office in a box" solution—just add a remote access device such as a VPN router and you're in business.

The File Services role is added by default as part of the base Server Core installation, but you can add additional role services to support additional functionality.

The command used to install a role in Server Core is Ocsetup.exe. The exact same command is used to uninstall a role, but with the /uninstall command-line parameter. The full syntax for Ocsetup is:

Ocsetup %lt;/?|/h|/help> 
Ocsetup <component> [/uninstall][/passive][/unattendfile:<file>] [/quiet] 
   [/log:<file>][/norestart][/x:<parameters>]

The important thing to remember about Ocsetup is that it is quite unforgiving. It is case- sensitive, and even a slight mistake in the case of the component name will cause the command to fail.

A script to install the roles for this solution, except the domain controller role, would look like this:

@REM filename: SetupBranch.cmd 
@REM 
@REM Setup file to install roles for a branch office server 
@REM 
@REM Created: 5 September, 2007 
@REM ModHist:  
@REM 
@REM Copyright 2007 Charlie Russel and Sharon Crawford. All rights reserved 
@REM   You may freely use this script in your own environment,  
@REM   modifying it to meet your needs.  
@REM   But you may not re-publish it without permission.  
 
@REM Using "start /w" with ocsetup forces ocsetup to wait until it  
@RME completes before  
going on to the next task.  
 
@REM Install DNS and DHCP 
@echo Installing DNS and DHCP roles... 
start /w ocsetup DNS-Server-Core-Role 
start /w ocsetup DHCPServerCore 
 
@REM Now, install File Role Services 
@echo Now installing File Role Services... 
start /w ocsetup FRS-Infrastructure 
start /w ocsetup DFSN-Server 
start /w ocsetup DFSR-Infrastructure-ServerEdition 
 
@REM Uncomment these two lines to add NFS support 
@REM start /w ocsetup ServerForNFS-Base 
 
@REM start /w ocsetup ClientForNFS-Base 
 
@REM Install Print Server Role 
 
@echo Installing Print Server Role 
start /w ocsetup Printing-ServerCore-Role 
 
@REM Uncomment next for LPD support 
@REM start /w ocsetup Printing-LPDPrintService

Note You can't include the DCPromo command in the script above because installing the Print Server role requires a reboot, which locks out DCPromo.

You cannot use DCPromo interactively to create a domain controller–you must create an unattend.txt file to use with it. The basic minimum unattend.txt file is:

[DCInstall] 
InstallDNS = Yes 
ConfirmGC = yes 
CriticalReplicationOnly = No 
RebootOnCompletion = No 
ReplicationSourceDC = hp350-dc-02.example.local 
ParentDomainDNSName = example.local 
ReplicaOrNewDomain = ReadOnlyReplica 
ReplicaDomainDNSName = example.local 
SiteName=Default-First-Site-Name 
SafeModeAdminPassword = <passwd> UserDomain = example 
UserName = Administrator 
Password = <passwd>

Important The passwords fields must be correct, and will be automatically stripped from the file for security reasons. For Server Core, you must specify a ReplicationSourceDC value. You should set ReplicaOrNewDomain to the value shown here—ReadOnlyReplica—to create a read-only domain controller.

To install the read-only Domain Controller role, follow these steps:

  1. Use Notepad or your favorite ASCII text editor (we use GVim, which works quite well in Server Core) to create an unattend.txt file with the necessary settings for the domain you will be joining. The specific filename of the unattend file is not important because you specify it on the command line.

  2. Change to the directory that contains the unattend file. If the server has any pending restarts, you must complete them before promoting the server to domain controller.

  3. Run DCPromo with the following syntax:

    Dcpromo /unattend:<unattendfilename>

  4. If there are no errors in the unattend file, DCPromo will proceed and promote the server to be a read-only domain controller, as shown in Figure 9-4.

    Dd163521.figure_C09625051_4(en-us,TechNet.10).png

    Figure 9-4 Use DCPromo to create a read-only domain controller with an unattend file.

Listing Roles

The Oclist.exe command provides a complete list of the available Server Core roles, role services, and features, as well as their current state. Use

Oclist

to get the exact, case-sensitive list of the features and roles you want to install.

< Back      Next >

 

 

© Microsoft. All Rights Reserved.