Question : Manage Server Core

Server Core is installed, and you have it configured with the roles you want to utilize. At this point, you are concerned about the management side of a command-prompt-only server. How do you manage Server Core?

Answer : Manage Server Core

There are many ways to work with Server Core and manage the roles and features you have installed. One of them is to use a command prompt (either locally or through a remote connection), but that probably isn’t what you want to here. You are hoping for a GUI method.

Well, in addition to using the command-prompt directly, you can also connect through Terminal Services or through Windows Remote Shell, but again, this probably isn’t what you are looking for. You can also use remote Microsoft Management Console (MMC) snap-ins to manage Server Core systems in the same way you would use them to remotely administer other systems.

At this point, it should be obvious how to work with Server Core locally, so let’s consider some of the remote options.

Manage Server Core with Terminal Services

To connect to a Server Core system from a Terminal Services client, you have to enable Remote Desktop for Administration mode. You can do this on a Server Core system by typing the following at the command prompt:

Cscript c:\windows\system32\scregedit.wsf /ar 0

When this is complete (the screen says “Registry has been updated”), you can go to another system and open the Remote Desktop Connection program. (A quick way to do this if you are using Windows Vista is to run the mstsc.exe app from the Start menu’s instant search bar.) You can use the IP address or the name of the server running Server Core, make the connection, and log in. Ultimately, you will still be working with a command prompt, however (which is why we don’t have a figure here—it would simply be another command prompt).

Type logoff at the command prompt when you are finished.

Manage with TS RemoteApp

Now, something a little more modern than managing via Terminal Services, although ultimately with the same end result, is the use of TS RemoteApp to publish the cmd.exe application. With Windows Server 2008, you have the ability to publish a specific application without having users connect to the entire desktop. In the case of Server Core, this becomes logical because there is nothing happening on the desktop.

To enable this feature on your Server Core system, you need to perform the following steps:

1.
On another Windows Server 2008 system, add the Terminal Services role through Server Manager.

2.
Open the MMC and add the TS RemoteApp MMC snap-in.

3.
Connect to the Server Core system.

4.
From the Results pane, select RemoteApp Programs and locate the cmd.exe application (located at \\<ServerName>\c$\windows\system32\cmd.exe).

5.
From the Allow list, click Remote cmd.exe and then Create RDP Package.

6.
Use the RDP package to connect to the server that is running Server Core.

Manage with Windows Remote Shell

Using Windows Remote Shell to connect to a Server Core system requires you to know command-line syntax. You must first enable Windows Remote Shell on the Server Core system by performing the following steps:

1.
Type WinRM quickconfig at the command prompt.

2.
On another system, open a command prompt.

3.
Use WinRS.exe to initiate all your commands to the remote Server Core system. For example, type winrs -r:<Server Core System Name> dir c:\windowsc:\windows directory information on your Server Core system.

to see the

At this point, you can perform any of the command-line tasks you normally would locally at the Server Core system but through the Remote Shell.

Manage Server Core with MMC Snap-ins

This is what you may have been waiting for throughout this chapter: the ability to manage Server Core through familiar GUI snap-ins for your MMC snap-ins.

To get started, make sure the Windows Firewall (if it is configured on the Server Core system) will allow an MMC connection. You can allow all snap-ins to connect or allow only specific ones.

To allow all snap-ins to connect, type the following:

Netsh advfirewall firewall set rule group="remote administration" new enable=yes

Allowing only specific snap-ins requires a bit more work. You type the following:
Netsh advfirewall firewall set rule group="<rulegroup>" new enable=yes

Note

The reason this second method may require a bit more work is because the rule groups are outlined for some, but not all, snap-ins. Some snap-ins simply do not have a rule group, in which case enabling the groups for Event Viewer, Services, or Shared Folders will often be enough to allow other snap-ins to work. For this reason, unless you have a major security concern, it would be easier to simply enable all snap-ins.


Some of the MMC snap-ins and corresponding rule group names are listed here:

  • Event Viewer: Remote Event Log Management

  • Services: Remote Services Management

  • Shared Folders: File and Printer Sharing

  • Task Scheduler: Remote Scheduled Tasks Management

  • Reliability and Performance Monitor: Performance Logs and Alerts (and File Printer and Sharing)

  • Disk Management: Remote Volume Management

  • Windows Firewall with Advanced Security: Windows Firewall Remote Management

When you have the MMC configured on your Server Core system, you can begin managing with it, if you have the right credentials to do so. Another concern is whether the Server Core system is a domain member. If it isn’t, you have a little more work to do in order to connect.

So, to begin with, if you are managing a Server Core system that is part of the domain, you perform the following steps:

1.
Open an MMC snap-in. (Choose an easy one to work with and a familiar one, such as Computer Management. Or you can type mmc at the Start instant search bar and open a blank console.)

2.
Right-click the top-left part of the hierarchy and select Connect to Another Computer.

3.
Type the computer name of the Server Core system.

Now you should be able to use the snap-in the same way you would any other remote system you work on.

If, however, the Server Core system is not a part of the domain, you have to create a connection credentially to the Server Core system from your client machine. To do that, type the following:

Open a command prompt on the client machine and type: cmdkey /add:<Server Core System Name> /user:<Administrator Account User Name> /pass:<Administrator Password>

You can now manage the Server Core machine as you would any other system in the domain.
Random Solutions  
 
programming4us programming4us