Windows Server 2008 Core Initial Setup and RODC Installation

12/01/2009

2 comments

Hi,


My first blog post will give you an intro about Windows Server 2008 Core Edition and the required commands needed to configure a Server Core  in your domain and add it as a DC.


As from Microsoft, “The Server Core installation option is a new option that you can use for installing Windows Server 2008. A Server Core installation provides a minimal environment for running specific server roles, which reduces the maintenance and management requirements and the attack surface for those server roles”. I think there is no need to further explain..


Windows Server Core does not support all the Windows Server 2008 Roles & Features. The supported Roles & Features are:










Supported Server Roles


Supported Server Features



  • Active Directory Domain Services (AD DS)

  • Active Directory Lightweight Directory Services (AD LDS)

  • DHCP Server

  • DNS Server

  • File Services

  • Hyper-V

  • Print Services

  • Streaming Media Services

  • Web Server (IIS)*


  • Failover Clustering

  • Network Load Balancing

  • Subsystem for UNIX-based applications

  • Backup

  • Multipath IO

  • Removable Storage

  • Bitlocker Drive Encryption

  • Simple Network Management Protocol (SNMP)

  • Windows Internet Name Service (WINS)

  • Telnet client

* As for Web Services, a Server Core installation does not support all Web Services and functionality. New Web Services enhancements will probably be available in Windows Server 2008 R2.


So, after this brief intro, here are the commands needed for your Server Core initial setup:


Set password for local admin –


Choose ‘Other User’ at the logon screen> type ‘Administrator’ with no password and press Enter > Follow the instruction to create a new password.




Run Sysprep (For deployment) –


Navigate to ‘C:\windows\system32\sysprep’ and run – sysprep /OOBE /Generalize /shutdown.



Disable/Enable Screen Saver and Screen Saver Lock –


Regedit: Navigate to HKEY_CURRENT_USER\Control Panel\Desktop and modify the ‘ScreenSaverActive’ & ‘ScreenSaverIsSecure’ Keys (0 to Disable, 1 to Enable).




Rename the Server –


netdom renamecomputer <ComputerName> /NewName:<NewComputerName>




Setup IP Configuration –


View Interfaces: netsh interface ipv4 show interfaces


Set IP for Interface: Netsh interface ipv4 set address “InterfaceName” static 17.17.0.2 255.0.0.0 17.17.0.1


Set DNS Server Addresses: netsh interface ipv4 add dnsserver name=“InterfaceID” address=“DNSIPAddress”


Run again for additional DNS Servers.




Join the computer to Domain –


netdom join “ComputerName” /domain:“DomainName” /userd:“UserName” /passwordd:*


When prompt for password, enter to domain user password.




EnableWindows Update –


Cscript c:\windows\system32\scregedit.wsf /au 4


Net stop wuauserv


Net start wuauserv


This will set the default configuration for Windows Update – 3AM update check. If you want to force update check run: Wuauclt /detectnow




Enable Remote Management on Firewall –


netsh advfirewall firewall set rule group=”Remote Administration” new enable=yes


To disable the windows firewall –


netsh firewall set opmode disable


To enable the windows firewall –


netsh firewall set opmode enable




Enable Windows Remote Management (WinRM) –


winrm qc




Enable Remote Desktop –


cscript C:\Windows\System32\ Scregedit.wsf /ar 0


If Firewall Enabled –


netsh advfirewall firewall set rule group=”Remote Desktop” new enable=yes



OK, so the above commands are needed for the initial setup of the server.


As far as I think, you, the IT person who will deploy Server Core, use it for mainly for two reasons: Domain Controller and Hyper-V.


As for Domain Controller, if you install Server Core as a DC, you probably use it in a site with poor physical security, and if so, you will probably want to configure it as RODC (Read Only Domain Controller).


Oh, I must know that a Read Only Domain Controller, require an operating Windows Server 2008 Full DC…


Now, here are the commands needed for the installation of a Windows Server 2008 Core RODC:


Install DNS –


start /w ocsetup DNS-Server-Core-Role



Prepare Schema for RODC –


On the Schema Master navigate to the following folder on Windows Server 2008 Media and run the following command:


X:\sources\adprep>adprep /rodcprep



Run Dcpromo with an unattended file for RODC Installation –


(dcpromo /unattend:<unattendfile>)


Sample of Unattended File for RODC Installation:


[DCInstall]


InstallDNS=Yes


ConfirmGc=Yes


CriticalReplicationOnly=No


DisableCancelForDnsInstall=No


Password=


RebootOnCompletion=Yes


ReplicaDomainDNSName= DomainDNSName


ReplicaOrNewDomain=ReadOnlyReplica


ReplicationSourceDC=SRV2008DC.DomainDNSName


SafeModeAdminPassword=


SiteName=Default-First-Site-Name


UserDomain=DomainDNSName


UserName=Administrator


You Server Core Initial Setup and RODC are Done!


 


Additional information about Server Core & RODC – http://technet.microsoft.com/en-us/library/cc732801.aspx


Thanks for reading!


Add comment
facebook linkedin twitter email

Leave a Reply

Your email address will not be published.

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

*

2 comments

  1. Machine rename02/04/2009 ב 13:15

    Rename the Server –
    Instead of
    (netdom renamecomputer
    /NewName:)
    you can use %computername% env variable which is much easeier to type than default win-blah-blah-xyz…

    Reply
  2. Curtis21/08/2009 ב 19:13

    Anyone know exactly how to configure NLB on Core?
    chaugen@northwrite.com

    Thank you

    Reply