windows server 2008 core eyal malach senior instructor - hi-tech college infrastructure consultant -...
Post on 20-Dec-2015
225 views
TRANSCRIPT
Windows Server 2008 Core
Eyal MalachSenior Instructor - Hi-Tech CollegeInfrastructure Consultant - Calanit CarmonEmail: [email protected]
Session Objectives and Agenda• Why server core ?• Server Core Overview• Server Core Benefits • Deploying and Configuring Server Core locally• Remote Management of Server Core• Q & A• SUMMARY
Why Server Core?
• Windows Server is frequently deployed to support a single role or a fixed workload• However, you must deploy and service all of Windows
Server
• Value Proposition and challenges • Reduce the attack and servicing surface area• Servers optimized by role are easier to manage and
maintain• Increased reliability and security• Less installed and less running
Server Core Overview
• Server Core is:• A minimal installation option for Windows
Server 2008• Command Line interface, no GUI Shell
Server Core Overview (cont.)
• Server Core includes• A set of server roles
• DHCP, File, Print, AD, AD LDS, Media Services, DNS, and IIS
• The following optional features:• WINS, Failover Clustering, Subsystem for
UNIX-based applications, Backup, Multipath IO, Removable Storage Management, Bitlocker Drive Encryption, SNMP, Telnet Client, QoS
• Server Core also include Hyper-V
Server Core Benefits
Easier to Secure, Manage, and Maintain
Supports Key Infrastructure Roles
Minimal Server Installation
Supports Unattended Installation
Server Core Benefits (cont.)
Reduced attack surface
Less disk space required
Reduced software maintenance
Reduced management
Server Core Benefits (cont.)
Save as money !!! Save as time
Give as Security and peace of mind
Deploying Server Core
• Manual installation using Setup• Unattended installation using
• Setup Unattended• New WDS and MDT
• Only a clean install is supported no Upgrades• Cannot upgrade from a previous version of Windows Server• Cannot upgrade from Server Core to full Server with the
GUI shell• Cannot upgrade from full Server with the GUI shell to
Server Core
Managing Server Core
• Local management• Command Prompt and command line tools• Limited GUI tools (Notepad, Regedit, Task
Manager, Intl.cpl and Timedate.cpl)
Configuring Server Core
• Set admin password• Set static IP address• Join existing domain• Activate the Server• Configure the
firewall• Installing Roles and
Features
How do I start ?
Local management Basic configurationInstalling and configuring server roles
Managing Server Core
• Remote Management• Terminal Server• WS-Management and Windows Remote Shell for
remote command execution • MMC Snap-ins• Power Shell• Third Party Management Tools
Enabling Terminal Services
• Command Line• Remote Admin mode
• Cscript scregedit.wsf /ar 0• Allow pre-Vista/Windows Server 2008 clients
• Cscript scregedit.wsf /cs 0• You can also use Group Policy • Not necessary to have the full desktop for only
CMD.exe• You can configure only cmd.exe in RemoteApp
Terminal server 2008
Managing with Windows Remote Shell
• Windows Remote Management (WinRM) • WS-Management - secure firewall friendly mgmt protocol
• Windows Remote Shell (WinRS)• Requires Windows Vista or Windows Server 2008• Only command line tools or scripts without UI can be
executed • Prompts are problematic, full interactive mode not
supported• For example, “press any key”
Configuring WinRM on Server Core
• The Server side of WS-Management• From the command line
• WinRM quickconfig
• Can also be configured using Group Policy• The client side of WS-Management
• WinRS –r:ServerName cmd
Managing Server Core using MMC
• Once Server Core is installed and roles are installed• Server Core can be fully managed remotely
using MMC• No need to use the command line
Server Role Snap-ins for Remote Management
• Server Role MMCs are not installed by default in full Server installations• Remote Server Administration Tools (RSAT) makes these
available
• RSAT for Windows Vista is finally available • Server Role installation opens appropriate Firewall
ports for remote management
Using Remote Desktop to manage the server remotely Using WinRM to manage the server remotelyUsing MMC to manage the server remotely
Configuring the Firewall on Server Core
• Use netsh advfirewall• To view current profile • To see rules and current configuration• To enable a rule
• Use the Windows Firewall with Advanced Security MMC snap-in
• Must first enable firewall remote management firewall rule on the Server Core installation• Netsh advfirewall firewall set rule group=“Windows
Firewall Remote Management” new enable=yes
Which Rules for Which MMC?
• There isn’t a rule group for every MMC snap-in• There is overlap between the rules• Some MMC snap-ins require additional configuration
MMC Snap-in Rule GroupEvent Viewer Remote Event Log Management
Services Remote Service Management
Shared Folders File and Printer Sharing
Task Scheduler Remote Scheduled Tasks Management
Reliability and Performance “Performance Logs and Alerts” and “File and Printer Sharing”
Some MMCs Require Additional Configuration
• Device Manager• Must enable the "Allow remote access to the PnP
interface" policy
• Disk Management• Enable the “remote volume management” firewall group• Start the Virtual Disk Service (VDS)
• IPSec Mgmt• Cscript \windows\system32\scregedit /im 1
PowerShell
• Not supported locally on Server Core• Can use PowerShell to remotely manage Server
Core via WMI• The IIS 7 PowerShell cmdlets are all WMI based
• To remotely use WMI through PowerShell• Get-WMIObject <wmi class> -computername <server>
• To obtain a list of WMI Classes• Get-WMIObject –list –computername <server>
Creating a DC
• DCPromo is used to install/remove the associated Active Directory Domain Services
• Must be run in unattended mode• Specify the configuration via an
unattended file• The Active Directory Domain Services
Installation Wizard running on the full server can be used to create a suitable unattended
Configuring the firewall in Server CoreInstalling active directory on Server CoreUsing CoreConfigurator
summary
• Why server core ?• Server Core Overview• Server Core Benefits • Deploying and Configuring Server Core locally• Remote Management of Server Core• Your next step
! משוב למלא כדאי? ממלאים איך
•, יום כל בסיום שישלח מייל בעקבות, HPבמתחם Business Centerב-•ודן • הילטון במלונות האינטרנט בעמדות
? חולצת לך מגיעה משוב !Live Itמילאת? הכנס ימי בשלושת משוב מלאת
ב לזכות הזדמנות לך לתאילנד יש טיסה מתנת כרטיס' , BTCסוכנות ק ג בלאק , מכשיר סמסונג מכשיר מתנת
HTC , ניופאן סנטר מתנת ...DataSafeמתנת מדיה ועוד
Eyal MalachSenior Instructor - Hi-Tech CollegeInfrastructure Consultant - Calanit CarmonEmail: [email protected]
Thank you very much for
participating
© 2007 Microsoft Corporation. All rights reserved.This presentation is for informational purposes only.MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS SUMMARY.