Happy Fun Time with Windows Server 2008 Server Core – Part II

So this post is probably going to be sort of boring – it’s mostly just odds and ends for getting your Server Core into a manageable state by configuring Windows Update and enabling various forms of remote administration.

Keeping Your Server Core Updated

 
I should preface this whole discussion by stating that in a production environment, you’d probably be using a WSUS server infrastructure to manage updates and patches for your servers and clients, and that’s definitely the easiest way to manage updates for Server Core.  Conversely, however, you probably don’t have WSUS set up in your test environment.  Since my test networks are fully virtual, I like to create a fully updated VM as a template, and then use that VM’s disk to create child differencing disks (in Hyper-V) or linked clones (in VMware Workstation) to provision my test set-ups — this saves a LOT of time, as you can spin up new servers and clients in minutes to test new configurations). 
 
On a Server Core machine, you have to configure Windows Updates from (surprise!) the command line, but Microsoft has included a script that simplifies this task (and serveral registry settings) considerably.  It’s called scregedit.wsf, and while it’s not the most verbose or informative thing in the world, it does work as advertised.  To use scregedit.wsf, you have to move your command line to the directory where it is located:
 
cd c:windowssystem32
 
On Windows NT 6.0 (the 2008/Vista generation of Windows products), Windows Update has five basic modes, which correspond to five possible decimal values for the registry key HKLMSOFTWAREMicrosoftWindowsCurrentVersionWindowsUpdateAuto UpdateAUOptions:
 
  1. Disabled
  2. Notify before downloading, notify before installing
  3. (Default setting on a full install) Download updates automatically and notify when they are ready for install
  4. Automatically download, automatically install on a specified schedule (default 3 AM)
  5. Allow local administrators to select the configuration mode.

Because Server Core lacks the Exporer.exe shell that provides the functionality for any sort of configuration or automatic notifications, options 2, 3 and 5 are unavailable.  With Server Core, your choices are 1 or 4, and 1 (disabled) is the default setting.

If you’re unsure about the current mode, type

cscript scregedit.wsf /AU /v

scregeditAuV
 
To set the machine to automatically download and install updates, type:
cscript scregedit.wsf /AU 4
scregeditAu4
 
That updates the registry setting, but for those settings to take effect, you need to restart the Windows Update service:
net stop wuauserv
net start wuauserv
WuauservStopStart
 
At this point, you can either leave the VM running and let it auto-update itself (must be nice to have that kind of time!) or you can kick off update detection manually like so:
wuauclt /detectnow
You don’t’ get any progress indicator or reboot notifications, of course, so the only way to watch how things are going is to kick off taskmgr.  When the TrustedInstaller.exe process shuts down, you’re good to reboot.  Rinse and repeat.
 
 
TaskMgr
 

Remote Management

Remotely managing a server core machine from a full-install Windows Server machine (or a Windows Vista or 7 machine) is the easiest and most enjoyable route in the long run, but it takes a little configurin’ on the Server Core box itself.  As is the case in ALL remote management scenarios, this will be precisely one billion times easier if the server and the management console belong to the same domain. 

I should also note that if you’re using the Server Core version of Windows Server 2008 R2, the sconfig.exe utility greatly simplifies this whole area.  Use it.

First, we want to be able to control the firewall settings from a remote MMC console, so we’re going to enable remote administration of the Windows Advanced Firewall:

netsh advfirewall set currentprofile settings remotemanagement enable

Now you can create new firewall rules, etc., from a remote system. 

Next, we want to configure general remote management settings:

netsh advfirewall set rule group=”Remote Administration” new enable=yes

Finally, we want to enable remote desktop access just in case we want to remote in for some command-line suffering.  This is another easy one thanks to scregedit.wsf.  Just remember to cd to %windir%system32 and type

cscript scregedit.wsf /AR 0

0 enables RDP, whereas 1 disables it.

And now you can remotely manage your Server Core!  I know, try to control your excitement.

Advertisements
  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: