DefinIT

Configuring Server 2008 R2 Core Series: Management Tasks

| 24/03/2010 | Tags: , ,

So, you’ve installed a new server with Server 2008 R2 Core – what next? Logging on, you’re presented with a shiny command prompt, you can run notepad or regedit…but aside from that, where do you go from there? In the next few series of posts I’ll hopefully point out the basics, and some not so basics!

I’m going to look at some management tasks – the bread and butter of being a Windows admin.

Activating Server 2008 Core

Activating Server 2008 Core is done via a pre-packaged script called slmgr.vbs -  “Windows Software Licensing Management Tool”

Firstly, you have to install a Product Key (unless it was done during your install)

cscript C:\windows\system32\slmgr.vbs /ipk <Product Key>

image

After that, it’s just a case of automatic activation, assuming you have internet access

cscript C:\windows\system32\slmgr.vbs /ato

 

If you’ve not got internet access for the server you can use the /dti option to get the Activation ID, call the Microsoft Licensing and Activation line and tap it in. Then use the /atp option to enter the response and activate.

 

Windows Updates

If you read the last post in this series, Configuring Server 2008 R2 Core Series: Network Settings, you may have seen the option in sconfig.cmd to set Windows Update settings. That’s the first, interactive, way to configure Windows Updates. It’s worth noting that the easiest way to do this is via your Group Policies, if you’re on a domain.

===============================================================================
                         Server Configuration
===============================================================================

1) Domain/Workgroup:                    Domain:  MCGEOWN.LOCAL
2) Computer Name:                       ServerCore2008
3) Add Local Administrator
4) Configure Remote Management

5) Windows Update Settings:             Manual
6) Download and Install Updates
7) Remote Desktop:                      Disabled

8) Network Settings
9) Date and Time

10) Log Off User
11) Restart Server
12) Shut Down Server
13) Exit to Command Line

Enter number to select an option: 5

Windows Update currently set to: Manual
Select (A)utomatic or (M)anual updates: A

Enabling Automatic updates...

The second method is the more command-line, scripting method. This sets it to download automatically and install at 3am every day (“/au 1” disables, “/au /v” shows current value):

Cscript c:\windows\system32\scregedit.wsf /au 4

 

Enabling Remote Management

Similarly to Windows Updates, remote management can be configured via sconfig.cmd or command line. Here’s how:

Enter number to select an option: 4
--------------------------------
  Configure Remote Management
--------------------------------

1) Allow MMC Remote Management
2) Enable Windows PowerShell
3) Allow Server Manager Remote Management
4) Show Windows Firewall settings

5) Return to main menu

Enter selection: 1

Enabling MMC firewall exceptions and Virtual Disk Service...

Enter selection: 2

Enabling Windows PowerShell...
Setting Windows PowerShell execution policy to remotesigned...

[Server requests a reboot here - you can't enable Server Manager until it's done]

Enter selection: 3

Setting Windows PowerShell execution policy to remotesigned...
Enabling Server Manager cmdlets...

Configuring Remote Server Manager settings...

 

If you need to do this via the command line, it happens like this…

Enable WinRM:

C:\Users\Administrator> winrm quickconfig
WinRM is not set up to allow remote access to this machine for management.
The following changes must be made:
Create a WinRM listener on HTTP://* to accept WS-Man requests to any IP on this machine.
Make these changes [y/n]? y
WinRM has been updated for remote management.
Created a WinRM listener on HTTP://* to accept WS-Man requests to any IP on this machine.

Fire up PowerShell (powershell.exe) and set the execution policy to RemoteSigned

Set-ExecutionPolicy RemoteSigned

Then enable the Remote Administration rules on the firewall:

netsh advfirewall firewall set rule group="Remote Administration" new enable=yes

To configure management by Remote Desktop, you can run the now-familiar sconfig.cmd and select option 7, or you can issue the following commands:

cscript c:\windows\system32\scregedit.wsf /ar 0

netsh advfirewall firewall set rule group="Remote Desktop" new enable=yes

Bear in mind that your RDP session will need TLS authentication and will not give you a desktop or GUI, just the command line interface. If you need to disable TLS for older clients (e.g. XP) you have to disable it with the following command:

cscript C:\Windows\System32\Scregedit.wsf /cs 0

Can you manage?

With all those steps completed, you should be able to connect to your server with Remote Server Administration Tools on any Server 2008 or Windows 7 computer.

This is my Windows 7 PC connected via “Server Manager”image

To connect via WinRS (Windows Remote Shell) and execute remote commands, use:

winrs -r:<server name> <command>

e.g:

winrs –r:<Server Name> cmd

Allows me access to the command shell on that server.

Finally, this is what RDP to the same server looks like:

image

Hopefully that gives you a few options for managing your Windows Server 2008 Core machine!