Get reacquainted with the command line
| Executive Summary:|
Server Core (Windows Server 2008's alternative OS installation) provides several command-line management options.
If you've taken the time to install Server Core—Windows Server 2008's alternative OS, with its lighter footprint and smaller attack surface—you've been struck by the return of the much loved/hated command line. I don't mean PowerShell (available in Server 2008 R2), but the old cmd.exe. As you dust off your DOS guides and refresh your memory about how to use the command line, you'll need to attend to several other important tasks as well.
First, you need to configure your Server Core system: Join the domain, and possibly change computer names, IP address configuration, firewall settings, Windows Update settings, and so on. Second, you need to enable the roles and features that you want to run under Server Core. Note that Server Core doesn't include Server Manager, so you'll have to use the OCList and OCSetup command-line tools. (For more information about configuring Server Core, see Top 10, "Essential Server Core Setup Commands.") Finally, you need to manage your Server Core system.
The five Server Core management techniques I present here include one local method and four remote methods. Only one of the methods uses a GUI console—so get ready to re-embrace the command line.
1. Local Command Prompt
The easiest way to manage Server Core is to use the local command prompt (i.e., cmd.exe). If you prefer to use a GUI tool to configure Server Core, you can download the Server Core Configurator from www.codeplex.com/CoreConfig. You can use several GUI tools within Server Core as well, such as Notepad, Taskmgr (for Task Manager), Regedit (for the Registry Editor), timedate.cpl (for the Date and Time applet) and intl.cpl (for the Regional and Language Options applet).
For more information about configuring Server Core, including configuration commands, see Microsoft's "Server Core Installation Option of Windows Server 2008 Step-By-Step Guide." For information about specific commands, see the Microsoft TechNet A-Z command-line reference page. Finally, for videocasts about managing Server Core through Terminal Services, RemoteApp, Windows Remote Shell, and MMC snap-ins, see the bulleted list at the end of this article.
2. Terminal Services
If you use Terminal Services to manage Server Core, you're actually connecting remotely for administrative purposes, so you must edit the registry to enable the Remote Desktop for Administration feature. To enable Remote Desktop for Administration on a Server Core system, go to the command prompt and enter
Cscript c:\windows\system32\scregedit.wsf /ar 0
You should receive output indicating that the registry has been updated.
If the Server Core system has a firewall enabled, you need to open the RDP port to allow the connection. To open the RDP port, enter
netsh firewall add portopening TCP 3389 RDP
Once your Server Core system is set up, open the RDP connection from another system. A quick way to do accomplish this is to enter
in the Start menu's instant search bar. Then, enter the IP address (or the server name if DNS is configured) and provide the logon credentials. The remote desktop screen will open as a command prompt, with the blue desktop background.
The benefit of this type of connection over a RemoteApp connection (which I discuss in the next section) is that you can still run other applications outside of the command line on your remote desktop. When your work is complete, just enter
to close the connection.
3. Terminal Services with RemoteApp
Using an RDP connection to connect to the entire system might seem like overkill—especially if you only need the command prompt. Alternatively, you can use a new Server 2008 Terminal Services feature called RemoteApp. This feature lets you create an RDP connection that opens only the command prompt rather than the entire desktop. Before you begin, follow my previous instructions to enable Terminal Services connections.
To create a RemoteApp rdp file, you need to install the Terminal Services role on a non–Server Core Server 2008 server. You can use Server Manager to accomplish this task.
After you install the Terminal Services role, select the TS RemoteApp Manager option from the Start menu, under Administrative Tools, Terminal Services. The RemoteApp Manager console will open.
Next, select the option to connect to another system, and choose the Server Core system. In the Actions pane on the far right, select Add RemoteApp Programs and locate the cmd.exe application (typically located under c$\windows\system32\cmd.exe). From the Allow list, select Remote cmd.exe. Then, select Create RDP package in the Actions pane.
After the package is created, you can double-click to open only the command prompt in a Terminal Services session. In addition, you can send the cmd.rdp file to other users who need to access the Server Core system in a RemoteApp command line.
4. Windows Remote Shell
Windows Remote Management (WinRM) is an implementation of the WS-Management protocol (a SOAP-based firewall-friendly protocol) that allows interoperability between the OS and a variety of hardware vendors. In addition, WinRM lets you connect to a Server Core system and work within a command prompt without creating a Terminal Services connection. One of the benefits of using WinRM is that it uses HTTP port 80 (or HTTPS port 443) to establish the connection. Because these ports are typically already open on firewalls, establishing the connection is quite easy. The idea is that you create a system that is a WinRM listener on one side (the Server Core machine), then use the WinRS tool to connect to that machine.
Before you begin, you need to join the Server Core system to the domain and log on to the domain at least once as an administrator on the Server Core machine. (Note that you must use a Server 2008, Windows 7, Windows Vista, or Windows Server 2003 R2 system to make the connection,)
Go to a command prompt on the Server Core system you want to administer and enter
Then, on the system you want to administer the Server Core machine from, enter the command you want to run, as follows:
winrs -r:<ServerCoreSystemName> <command>
You can initiate any command (e.g., dir, ipconfig), but an ideal approach is to issue the cmd.exe command, which fully connects your command prompt to the Server Core machine. Then, any command you enter will run on the Server Core system, and you don't have to reenter the entire winrs command.
5. MMC Snap-Ins
The Microsoft Management Console (MMC) provides a GUI method of administering Server Core. But before you can run the standard consoles, you must do some command-line work. First, you need to configure the firewall on your Server Core system to allow MMC snap-ins to connect.
Go to a command prompt and enter
netsh advfirewall firewall set rule group="remote administration" new enable=yes
To allow only specific snap-ins, enter
netsh advfirewall firewall set rule group="<rulegroup>" new enable=yes
I prefer to allow all snap-ins to connect. If you'd rather enable only the snap-ins you need, you must know the rule group names that correspond to the snap-ins. Table 1 provides this information. In order to use MMC snap-ins to manage a Server Core system, you must have administrative privileges on the system.
|MMC Snap In||Rule Group Name|
|Event Viewer||Remote Event Log Management|
|Services||Remote Services Management|
|Shared Folders||File and Printer Sharing|
|Task Scheduler||Remote Scheduled Tasks Management|
|Reliability and Performance Monitor||Performance Logs and Alerts (and File Printer and Sharing)|
|Disk Management||Remote Volume Management|
|Windows Firewall with Advanced Security||Windows Firewall Remote Management|
You need to consider whether the Server Core system you want to manage is a domain member. If the system is part of the domain, simply open the MMC console, right-click the hierarchy to select Connect to another computer, and enter the name of the Server Core system.
If the Server Core system you want to manage doesn't belong to the domain, you must use administrative credentials to create a connection to the Server Core system from your client machine. To do so, open a command prompt on the client machine and enter
cmdkey /add:<Server Core System Name> /user:<Administrator Account
User Name> /pass:<Administrator Password>
You can then manage the Server Core machine as you would any other system in the domain.
Multiple Management Options
Now that you have more than one point of entry, you can use your command-line skills to take full advantage of Server Core. Server 2008 R2 will include the ability to run PowerShell also, which will undoubtedly increase your ability to administer Server Core both locally and remotely.
Server Core Videocasts on ittv.net