Feb 2 2010

Windows Server 2008 Core Initial Setup and RODC Installation

 

Hi,

My first blog post will give you an intro about Windows Server 2008 Core Edition and the required commands needed to configure a Server Core  in your domain and add it as a DC.

As from Microsoft, “The Server Core installation option is a new option that you can use for installing Windows Server 2008. A Server Core installation provides a minimal environment for running specific server roles, which reduces the maintenance and management requirements and the attack surface for those server roles”. I think there is no need to further explain..

Windows Server Core does not support all the Windows Server 2008 Roles & Features. The supported Roles & Features are:

Supported Server Roles

Supported Server Features
  • Active Directory Domain Services (AD DS)
  • Active Directory Lightweight Directory Services (AD LDS)
  • DHCP Server
  • DNS Server
  • File Services
  • Hyper-V
  • Print Services
  • Streaming Media Services
  • Web Server (IIS)*
  • Failover Clustering
  • Network Load Balancing
  • Subsystem for UNIX-based applications
  • Backup
  • Multipath IO
  • Removable Storage
  • Bitlocker Drive Encryption
  • Simple Network Management Protocol (SNMP)
  • Windows Internet Name Service (WINS)
  • Telnet client

* As for Web Services, a Server Core installation does not support all Web Services and functionality. New Web Services enhancements will probably be available in Windows Server 2008 R2.

So, after this brief intro, here are the commands needed for your Server Core initial setup:

Set password for local admin –

Choose 'Other User' at the logon screen> type 'Administrator' with no password and press Enter > Follow the instruction to create a new password.

Run Sysprep (For deployment) –

Navigate to 'C:\windows\system32\sysprep' and run – sysprep /OOBE /Generalize /shutdown.

Disable/Enable Screen Saver and Screen Saver Lock –

Regedit: Navigate to HKEY_CURRENT_USER\Control Panel\Desktop and modify the 'ScreenSaverActive' & 'ScreenSaverIsSecure' Keys (0 to Disable, 1 to Enable).

Rename the Server –

netdom renamecomputer <ComputerName> /NewName:<NewComputerName>

Setup IP Configuration –

View Interfaces: netsh interface ipv4 show interfaces

Set IP for Interface: Netsh interface ipv4 set address "InterfaceName" static 17.17.0.2 255.0.0.0 17.17.0.1

Set DNS Server Addresses: netsh interface ipv4 add dnsserver name="InterfaceID" address="DNSIPAddress"

Run again for additional DNS Servers.

Join the computer to Domain –

netdom join "ComputerName" /domain:"DomainName" /userd:"UserName" /passwordd:*

When prompt for password, enter to domain user password.

EnableWindows Update –

Cscript c:\windows\system32\scregedit.wsf /au 4

Net stop wuauserv

Net start wuauserv

This will set the default configuration for Windows Update – 3AM update check. If you want to force update check run: Wuauclt /detectnow

Enable Remote Management on Firewall –

netsh advfirewall firewall set rule group="Remote Administration" new enable=yes

To disable the windows firewall –

netsh firewall set opmode disable

To enable the windows firewall –

netsh firewall set opmode enable

Enable Windows Remote Management (WinRM) –

winrm qc

Enable Remote Desktop –

cscript C:\Windows\System32\ Scregedit.wsf /ar 0

If Firewall Enabled –

netsh advfirewall firewall set rule group="Remote Desktop" new enable=yes

OK, so the above commands are needed for the initial setup of the server.

As far as I think, you, the IT person who will deploy Server Core, use it for mainly for two reasons: Domain Controller and Hyper-V.

As for Domain Controller, if you install Server Core as a DC, you probably use it in a site with poor physical security, and if so, you will probably want to configure it as RODC (Read Only Domain Controller).

Oh, I must know that a Read Only Domain Controller, require an operating Windows Server 2008 Full DC…

Now, here are the commands needed for the installation of a Windows Server 2008 Core RODC:

Install DNS –

start /w ocsetup DNS-Server-Core-Role

Prepare Schema for RODC –

On the Schema Master navigate to the following folder on Windows Server 2008 Media and run the following command:

X:\sources\adprep>adprep /rodcprep

Run Dcpromo with an unattended file for RODC Installation –

(dcpromo /unattend:<unattendfile>)

Sample of Unattended File for RODC Installation:

[DCInstall]

InstallDNS=Yes

ConfirmGc=Yes

CriticalReplicationOnly=No

DisableCancelForDnsInstall=No

Password=

RebootOnCompletion=Yes

ReplicaDomainDNSName= DomainDNSName

ReplicaOrNewDomain=ReadOnlyReplica

ReplicationSourceDC=SRV2008DC.DomainDNSName

SafeModeAdminPassword=

SiteName=Default-First-Site-Name

UserDomain=DomainDNSName

UserName=Administrator

You Server Core Initial Setup and RODC are Done!

Leave a comment