January 2009 - Posts - Avi Samocha's Blog

Avi Samocha's Blog

Microsoft Products and Technologies

January 2009 - Posts

Windows 2008 Server Core Configurator

Hi,

Following my post Windows Server 2008 Core Initial Setup and RODC Installation, I would like to share with you this tool that I found at CodePlex, Microsoft’s open source project hosting web site.

Core Configurator, whose first beta version was released in September 2008, now has a stable version (v1.1) and, as you can guess, it’s for Windows Server Core setup.

The tool comes in two formats, ISO and CAB. Regarding the CAB format, you need to extract the CAB, copy the extracted files to your desired location on the Core server, and run the Setup-Core.wsf file which will launch the GUI. More info can be found in the CAB Readme file.

This is a very nice and simple tool to configure Server Core Installation!

Some of you are probably familiar with a more friendly tool called CoreConfigurator made by Guy Teverovsky. Unfortunately, Guy had to remove the tool. More info can be found here.

Enjoy the tool!

Thanks for reading!

 

Exchange Server Remote Connectivity Analyzer

Hi,

I would like to share with you this new Microsoft site I found via Bink.nu.

The site lets you check your Exchange Remote Connectivity from the internet.

The available tests are in the screenshot below:


https://www.testexchangeconnectivity.com

Hope it can help!

The W32.Downadup/W32.Conficker Worm

Hi All,

As you have probably heard, a new worm has been spreading lately that affects Windows-based computers. The worm spreads by exploiting the Microsoft Windows Server Service RPC Handling Remote Code Execution Vulnerability described in Microsoft Security Bulletin MS08-067.

Once it infects a computer, the worm does the following:

  • Extracts all its files to the %System% directory with random DLL file names.
  • Deletes the user’s Restore Points.
  • Creates a service called Netsvcs and adds a registry key for the Netsvcs service.
  • Creates Scheduled Tasks that execute the DLL files.
  • Creates an HTTP server on the infected computer to spread the worm to other computers in the network through file shares.
  • Creates an Autorun.inf file in file shares to execute the worm files once the share is accessed.
  • Connects to external sites to download additional files.
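
A quick way to check a file server for the Autorun.inf behaviour listed above (added example, not part of the original post). It assumes Windows PowerShell 2.0 or later run locally on the server; the function name Find-ShareAutorun is made up for this example.

```powershell
# Added example: report autorun.inf files at the root of every disk share
# on this host, together with the lines that would launch a program.
function Find-ShareAutorun {
    [CmdletBinding()]
    param()

    # Win32_Share Type 0 = ordinary disk share; administrative shares
    # such as C$ and ADMIN$ have a different type and are skipped.
    $shares = Get-WmiObject -Class Win32_Share -Filter 'Type = 0'

    foreach ($share in $shares) {
        $file = Join-Path -Path $share.Path -ChildPath 'autorun.inf'
        if (-not (Test-Path -LiteralPath $file)) { continue }

        # -Force so that hidden or system files are read as well.
        $item  = Get-Item -LiteralPath $file -Force
        $lines = @(Get-Content -LiteralPath $file -Force)

        # Keys that make Explorer start a program:
        # open=, shellexecute= and shell\<verb>\command=
        $launch = @($lines | Where-Object {
            $_ -match '^\s*(open|shellexecute|shell\\[^\\=]+\\command)\s*='
        })

        New-Object PSObject -Property @{
            Share       = $share.Name
            File        = $file
            LastWritten = $item.LastWriteTime
            Attributes  = $item.Attributes
            LaunchLines = $launch
        }
    }
}

Find-ShareAutorun | Format-List Share, File, LastWritten, Attributes, LaunchLines
```

A hit is something to review, not proof of infection: a software distribution share can carry a legitimate autorun.inf.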

From what I encountered with some big customers, the effect of the virus is high network consumption and user locks in Active Directory (probably because the worm tries to use weak admin passwords…)

The good news is that yesterday Microsoft released a new version of the Windows Malicious Software Removal Tool - January 2009 (KB890830) that deals with the worm.

Symantec also released a Removal Tool yesterday that cleans the worm (apologies to other antivirus companies, I work with Symantec…): http://www.symantec.com/business/security_response/writeup.jsp?docid=2009-011316-0247-99

If your network is not infected, you should consider the following steps to minimize the attack surface available to the worm:

1. Download and deploy the KB958644 update for the Server Service RPC Handling Remote Code Execution Vulnerability - Microsoft Security Bulletin MS08-067.

2. Disable ‘Autorun’ on the domain level through Group Policy - http://support.microsoft.com/kb/953252 .

3. Disable the Task Scheduler Service through Group Policy – Computer Configuration > Windows Settings > Security Settings > System Services.

4. Install the Latest Malicious Software Removal Tool - Windows Malicious Software Removal Tool - January 2009 (KB890830)

5. Update your antivirus software with the latest version/engine and definition.
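
To confirm that steps 1 to 3 actually took effect on a given machine, something like the following can be run locally (added example, not part of the original post). It assumes Windows PowerShell 2.0 or later and that the Autorun policy is applied machine-wide under HKLM; the function name Test-WormHardening is made up for this example.

```powershell
# Added example: audit one host against steps 1-3 of the list above.
function Test-WormHardening {
    [CmdletBinding()]
    param()

    # Step 1: is KB958644 (MS08-067) recorded as installed?
    # A missing entry is not conclusive on a system whose service pack
    # was released after the update, so treat $false as "check by hand".
    $kb = Get-HotFix -Id 'KB958644' -ErrorAction SilentlyContinue

    # Step 2: Autorun policy. NoDriveTypeAutoRun = 0xFF turns Autorun off
    # for all drive types (assumption: machine policy, not per-user HKCU).
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
    $autorun = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).NoDriveTypeAutoRun

    # Step 3: the Task Scheduler service is named "Schedule".
    $svc = Get-WmiObject -Class Win32_Service -Filter "Name='Schedule'"

    $result = New-Object PSObject -Property @{
        Computer              = $env:COMPUTERNAME
        KB958644Listed        = [bool]$kb
        NoDriveTypeAutoRun    = $autorun
        AutorunDisabledAll    = ($autorun -eq 0xFF)
        TaskSchedulerMode     = $svc.StartMode
        TaskSchedulerDisabled = ($svc.StartMode -eq 'Disabled')
    }

    # Fixed column order for readable output.
    $result | Select-Object Computer, KB958644Listed, NoDriveTypeAutoRun,
        AutorunDisabledAll, TaskSchedulerMode, TaskSchedulerDisabled
}

Test-WormHardening | Format-List
```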

Good Luck!

Thanks For Reading!

Group Policy Troubleshooting

Hi,

For those of you who frequently work with group policy, I collected some tools I’ve been using with customers to troubleshoot Group Policy issues.

GPOTool – Part of the Windows Server 2003 Resource Kit Tools

The Group Policy Verification tool checks the health of the Group Policy objects on domain controllers. The tool checks GPOs for consistency on each domain controller in your domain. The tool also determines whether the policies are valid and displays detailed information about replicated Group Policy objects (GPOs).

http://www.microsoft.com/downloads/details.aspx?displaylang=en&familyid=9d467a69-57ff-4ae7-96ee-b18c4790cffd

Microsoft Group Policy Diagnostic Best Practice Analyzer (GPDBPA)

The Microsoft Group Policy Diagnostic Best Practice Analyzer (GPDBPA) for Windows XP and Windows Server 2003 is designed to help you identify Group Policy configuration errors or other dependency failures that may prevent settings or features from functioning as expected.

http://www.microsoft.com/downloads/details.aspx?FamilyId=47F11B02-8EE4-450B-BF13-880B91BA4566&displaylang=en

GPOAccelerator

The GPOAccelerator creates all the Group Policy objects (GPOs) that you need to deploy recommended security settings for your environment to save you hours of work that you would otherwise need to configure these settings.

http://www.microsoft.com/downloads/details.aspx?FamilyID=a46f1dbe-760c-4807-a82f-4f02ae3c97b0&displaylang=en

For those of you who are Software Assurance Customers, the Microsoft Desktop Optimization Pack (MDOP) provides a great tool that provides enhancements to the Group Policy Management Console (GPMC). The tool is called Advanced Group Policy Management, or AGPM for short.

Advanced Group Policy Management (AGPM)

“Microsoft® Advanced Group Policy Management (AGPM) helps you better manage Group Policy objects (GPOs) in your environment by providing change control, offline editing, and role-based delegation.”

From what I know and used, with AGPM you can choose which GPOs you want to control, check the differences between two GPOs and export them to an HTML or XML report, view the history of a GPO and deploy different versions, recover deleted GPOs… and probably other capabilities that I didn’t check yet.

http://technet.microsoft.com/en-us/library/cc749396.aspx

Good Luck with the troubleshooting!

Thanks for Reading!

Windows Server 2008 Core Initial Setup and RODC Installation

Hi,

My first blog post will give you an intro to Windows Server 2008 Core Edition and the commands needed to configure a Server Core in your domain and add it as a DC.

According to Microsoft, “The Server Core installation option is a new option that you can use for installing Windows Server 2008. A Server Core installation provides a minimal environment for running specific server roles, which reduces the maintenance and management requirements and the attack surface for those server roles”. I think there is no need to explain further.

Windows Server Core does not support all the Windows Server 2008 Roles & Features. The supported Roles & Features are:

Supported Server Roles

  • Active Directory Domain Services (AD DS)
  • Active Directory Lightweight Directory Services (AD LDS)
  • DHCP Server
  • DNS Server
  • File Services
  • Hyper-V
  • Print Services
  • Streaming Media Services
  • Web Server (IIS)*

Supported Server Features

  • Failover Clustering
  • Network Load Balancing
  • Subsystem for UNIX-based applications
  • Backup
  • Multipath IO
  • Removable Storage
  • Bitlocker Drive Encryption
  • Simple Network Management Protocol (SNMP)
  • Windows Internet Name Service (WINS)
  • Telnet client

* As for Web Services, a Server Core installation does not support all Web Services and functionality. New Web Services enhancements will probably be available in Windows Server 2008 R2.

So, after this brief intro, here are the commands needed for your Server Core initial setup:

Set password for local admin –

Choose 'Other User' at the logon screen > type 'Administrator' with no password and press Enter > Follow the instructions to create a new password.

Run Sysprep (For deployment) –

Navigate to 'C:\windows\system32\sysprep' and run - sysprep /OOBE /Generalize /shutdown.

Disable/Enable Screen Saver and Screen Saver Lock –

Regedit: Navigate to HKEY_CURRENT_USER\Control Panel\Desktop and modify the 'ScreenSaverActive' & 'ScreenSaverIsSecure' values (0 to Disable, 1 to Enable).

Rename the Server –

netdom renamecomputer <ComputerName> /NewName:<NewComputerName>

Setup IP Configuration –

View Interfaces: netsh interface ipv4 show interfaces

Set IP for Interface: Netsh interface ipv4 set address "InterfaceName" static 17.17.0.2 255.0.0.0 17.17.0.1

Set DNS Server Addresses: netsh interface ipv4 add dnsserver name="InterfaceID" address="DNSIPAddress"

Run again for additional DNS Servers.

Join the computer to Domain –

netdom join "ComputerName" /domain:"DomainName" /userd:"UserName" /passwordd:*

When prompted for the password, enter the domain user's password.

Enable Windows Update –

Cscript c:\windows\system32\scregedit.wsf /au 4

Net stop wuauserv

Net start wuauserv

This will set the default configuration for Windows Update – a 3AM update check. If you want to force an update check, run: Wuauclt /detectnow

Enable Remote Management on Firewall –

netsh advfirewall firewall set rule group="Remote Administration" new enable=yes

To disable the windows firewall –

netsh firewall set opmode disable

To enable the windows firewall –

netsh firewall set opmode enable

Enable Windows Remote Management (WinRM) –

winrm qc

Enable Remote Desktop –

cscript C:\Windows\System32\Scregedit.wsf /ar 0

If Firewall Enabled –

netsh advfirewall firewall set rule group="Remote Desktop" new enable=yes

OK, so the above commands are needed for the initial setup of the server.

As far as I think, you, the IT person who will deploy Server Core, use it mainly for two reasons: Domain Controller and Hyper-V.

As for Domain Controller, if you install Server Core as a DC, you probably use it in a site with poor physical security, and if so, you will probably want to configure it as an RODC (Read Only Domain Controller).

Oh, I must note that a Read Only Domain Controller requires an operating Windows Server 2008 Full DC…

Now, here are the commands needed for the installation of a Windows Server 2008 Core RODC:

Install DNS –

start /w ocsetup DNS-Server-Core-Role

Prepare Schema for RODC –

On the Schema Master navigate to the following folder on Windows Server 2008 Media and run the following command:

X:\sources\adprep>adprep /rodcprep

Run Dcpromo with an unattended file for RODC Installation –

(dcpromo /unattend:<unattendfile>)

Sample of Unattended File for RODC Installation:

[DCInstall]
InstallDNS=Yes
ConfirmGc=Yes
CriticalReplicationOnly=No
DisableCancelForDnsInstall=No
Password=
RebootOnCompletion=Yes
ReplicaDomainDNSName=DomainDNSName
ReplicaOrNewDomain=ReadOnlyReplica
ReplicationSourceDC=SRV2008DC.DomainDNSName
SafeModeAdminPassword=
SiteName=Default-First-Site-Name
UserDomain=DomainDNSName
UserName=Administrator

Your Server Core Initial Setup and RODC are Done!

 

Additional information about Server Core & RODC - http://technet.microsoft.com/en-us/library/cc732801.aspx

Thanks for reading!