There
are many ways to work with Server Core and manage the roles and
features you have installed. One of them is to use a command prompt
(either locally or through a remote connection), but that probably
isn’t what you want to here. You are hoping for a GUI method.
Well,
in addition to using the command-prompt directly, you can also connect
through Terminal Services or through Windows Remote Shell, but again,
this probably isn’t what you are looking for. You can also use remote
Microsoft Management Console (MMC) snap-ins to manage Server Core
systems in the same way you would use them to remotely administer other
systems.
At this point, it should be obvious how to work with Server Core locally, so let’s consider some of the remote options.
Manage Server Core with Terminal Services
To
connect to a Server Core system from a Terminal Services client, you
have to enable Remote Desktop for Administration mode. You can do this
on a Server Core system by typing the following at the command prompt:
Cscript c:\windows\system32\scregedit.wsf /ar 0
When
this is complete (the screen says “Registry has been updated”), you can
go to another system and open the Remote Desktop Connection program. (A
quick way to do this if you are using Windows Vista is to run the mstsc.exe
app from the Start menu’s instant search bar.) You can use the IP
address or the name of the server running Server Core, make the
connection, and log in. Ultimately, you will still be working with a
command prompt, however (which is why we don’t have a figure here—it
would simply be another command prompt).
Type logoff at the command prompt when you are finished.
Manage with TS RemoteApp
Now,
something a little more modern than managing via Terminal Services,
although ultimately with the same end result, is the use of TS
RemoteApp to publish the cmd.exe
application. With Windows Server 2008, you have the ability to publish
a specific application without having users connect to the entire
desktop. In the case of Server Core, this becomes logical because there
is nothing happening on the desktop.
To enable this feature on your Server Core system, you need to perform the following steps:
1. | On another Windows Server 2008 system, add the Terminal Services role through Server Manager.
|
2. | Open the MMC and add the TS RemoteApp MMC snap-in.
|
3. | Connect to the Server Core system.
|
4. | From the Results pane, select RemoteApp Programs and locate the cmd.exe application (located at \\<ServerName>\c$\windows\system32\cmd.exe).
|
5. | From the Allow list, click Remote cmd.exe and then Create RDP Package.
|
6. | Use the RDP package to connect to the server that is running Server Core.
|
Manage with Windows Remote Shell
Using
Windows Remote Shell to connect to a Server Core system requires you to
know command-line syntax. You must first enable Windows Remote Shell on
the Server Core system by performing the following steps:
1. | Type WinRM quickconfig at the command prompt.
|
2. | On another system, open a command prompt.
|
3. | Use WinRS.exe to initiate all your commands to the remote Server Core system. For example, type winrs -r:<Server Core System Name> dir c:\windowsc:\windows directory information on your Server Core system.
to see the |
At
this point, you can perform any of the command-line tasks you normally
would locally at the Server Core system but through the Remote Shell.
Manage Server Core with MMC Snap-ins
This
is what you may have been waiting for throughout this chapter: the
ability to manage Server Core through familiar GUI snap-ins for your
MMC snap-ins.
To
get started, make sure the Windows Firewall (if it is configured on the
Server Core system) will allow an MMC connection. You can allow all
snap-ins to connect or allow only specific ones.
To allow all snap-ins to connect, type the following:
Netsh advfirewall firewall set rule group="remote administration" new enable=yes
Allowing only specific snap-ins requires a bit more work. You type the following:
Netsh advfirewall firewall set rule group="<rulegroup>" new enable=yes
Note
The
reason this second method may require a bit more work is because the
rule groups are outlined for some, but not all, snap-ins. Some snap-ins
simply do not have a rule group, in which case enabling the groups for
Event Viewer, Services, or Shared Folders will often be enough to allow
other snap-ins to work. For this reason, unless you have a major
security concern, it would be easier to simply enable all snap-ins.
Some of the MMC snap-ins and corresponding rule group names are listed here:
Event Viewer: Remote Event Log Management
Services: Remote Services Management
Shared Folders: File and Printer Sharing
Task Scheduler: Remote Scheduled Tasks Management
Reliability and Performance Monitor: Performance Logs and Alerts (and File Printer and Sharing)
Disk Management: Remote Volume Management
Windows Firewall with Advanced Security: Windows Firewall Remote Management
When
you have the MMC configured on your Server Core system, you can begin
managing with it, if you have the right credentials to do so. Another
concern is whether the Server Core system is a domain member. If it
isn’t, you have a little more work to do in order to connect.
So, to begin with, if you are managing a Server Core system that is part of the domain, you perform the following steps:
1. | Open an MMC snap-in. (Choose an easy one to work with and a familiar one, such as Computer Management. Or you can type mmc at the Start instant search bar and open a blank console.)
|
2. | Right-click the top-left part of the hierarchy and select Connect to Another Computer.
|
3. | Type the computer name of the Server Core system.
|
Now you should be able to use the snap-in the same way you would any other remote system you work on.
If, however, the Server Core system is not
a part of the domain, you have to create a connection credentially to
the Server Core system from your client machine. To do that, type the
following:
Open a command prompt on the client machine and type: cmdkey /add:<Server Core System Name> /user:<Administrator Account User Name> /pass:<Administrator Password>
You can now manage the Server Core machine as you would any other system in the domain.