RahulPatel–twikies…

October 21, 2009

Applications That Are Known to Work with RODCs

Filed under: Server 2008,Server Core — Rahul Patel @ 10:30 am

Overview of what applications are supported to run with a Read-Only Domain Controller (RODC) implementation.

1. Microsoft Internet Security and Acceleration (ISA) server
2. Microsoft Office Live Communications Server
3. Microsoft Systems Management Server (SMS)
4. Microsoft Office Outlook
5. Microsoft Operations Manager (MOM)
6. Windows SharePoint Services
7. Microsoft SQL Server 2005
8. Active Directory Certificate Services (AD CS)
9. Active Directory Rights Management Services (AD RMS)
10. Credential Roaming
11. Distributed File System (DFS)
12. Distributed File System Replication (DFSR) and File Replication Service (FRS)
13. Domain Name System (DNS)
14. Dynamic Host Configuration Protocol (DHCP)
15. Group Policy
16. Internet Authentication Service
17. Internet Information Services (IIS)
18. Network Access Protection (NAP)
19. Terminal Services (Users and Computers snap-in)
20. Terminal Services Licensing server

Note: Exchange isn’t on the list. In fact, you can’t run Exchange (2000, 2003, 2007) if there’s only an RODC it can connect to. Exchange needs a full DC around to function correctly.
Reference: http://technet.microsoft.com/en-us/library/cc732790(WS.10).aspx

November 24, 2008

Server Core Default Services

Filed under: Server 2008,Server Core — Rahul Patel @ 6:43 pm
Service_Name Display_Name Mode Account
AeLookupSvc Application Experience Auto LocalSystem
AppMgmt Application Management Manual LocalSystem
BFE Base Filtering Engine Auto LocalService
BITS Background Intelligent Transfer Service Auto LocalSystem
Browser Computer Browser Manual LocalSystem
CertPropSvc Certificate Propagation Manual LocalSystem
COMSysApp COM+ System Application Manual LocalSystem
CryptSvc Cryptographic Services Auto Network-Service
DcomLaunch DCOM Server Process Launcher Auto LocalSystem
Dhcp DHCP Client Auto LocalService
Dnscache DNS Client Auto Network-Service
DPS Diagnostic Policy Service Auto LocalService
Eventlog Windows Event Log Auto LocalService
EventSystem COM+ Event System Auto LocalService
FCRegSvc Microsoft Fibre Channel Platform Registration Service Manual LocalService
gpsvc Group Policy Client Auto LocalSystem
hidserv Human Interface Device Access Manual LocalSystem
hkmsvc Health Key and Certificate Management Manual LocalSystem
IKEEXT IKE and AuthIP IPsec Keying Modules Auto LocalSystem
iphlpsvc IP Helper Auto LocalSystem
KeyIso CNG Key Isolation Manual LocalSystem
KtmRm KtmRm for Distributed Transaction Coordinator Auto Network-Service
LanmanServer Server Auto LocalSystem
LanmanWorkstation Workstation Auto LocalService
lltdsvc Link-Layer Topology Discovery Mapper Manual LocalService
lmhosts TCP/IP NetBIOS Helper Auto LocalService
MpsSvc Windows Firewall Auto LocalService
MSDTC Distributed Transaction Coordinator Auto Network-Service
MSiSCSI Microsoft iSCSI Initiator Service Manual LocalSystem
msiserver Windows Installer Manual LocalSystem
napagent Network Access Protection Agent Manual Network-Service
Netlogon Netlogon Manual LocalSystem
netprofm Network List Service Auto LocalService
NlaSvc Network Location Awareness Auto Network-Service
nsi Network Store Interface Service Auto LocalService
pla Performance Logs & Alerts Manual LocalService
PlugPlay Plug and Play Auto LocalSystem
PolicyAgent IPsec Policy Agent Auto Network-Service
ProfSvc User Profile Service Auto LocalSystem
ProtectedStorage Protected Storage Manual LocalSystem
RemoteRegistry Remote Registry Auto LocalService
RpcSs Remote Procedure Call (RPC) Auto Network-Service
RSoPProv Resultant Set of Policy Provider Manual LocalSystem
sacsvr Special Administration Console Helper Manual LocalSystem
SamSs Security Accounts Manager Auto LocalSystem
SCardSvr Smart Card Manual LocalService
Schedule Task Scheduler Auto LocalSystem
SCPolicySvc Smart Card Removal Policy Manual LocalSystem
seclogon Secondary Logon Auto LocalSystem
SENS System Event Notification Service Auto LocalSystem
SessionEnv Terminal Services Configuration Manual LocalSystem
slsvc Software Licensing Auto Network-Service
SNMPTRAP SNMP Trap Manual LocalService
swprv Microsoft Software Shadow Copy Provider Manual LocalSystem
TBS TPM Base Services Manual LocalService
TermService Terminal Services Auto Network-Service
TrustedInstaller Windows Modules Installer Auto LocalSystem
UmRdpService Terminal Services UserMode Port Redirector Manual LocalSystem
vds Virtual Disk Manual LocalSystem
VSS Volume Shadow Copy Manual LocalSystem
W32Time Windows Time Auto LocalService
WcsPlugInService Windows Color System Manual LocalService
WdiServiceHost Diagnostic Service Host Manual LocalService
WdiSystemHost Diagnostic System Host Manual LocalSystem
Wecsvc Windows Event Collector Manual Network-Service
WinHttpAutoProxySvc WinHTTP Web Proxy Auto-Discovery Service Auto LocalService
Winmgmt Windows Management Instrumentation Auto LocalSystem
WinRM Windows Remote Management (WS-Management) Auto Network-Service
wmiApSrv WMI Performance Adapter Manual LocalSystem
wuauserv Windows Update Auto LocalSystem
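
The default list above can serve as a baseline for spotting services that were added to a Server Core box later. The following batch script is an added example, not part of the original post: it compares the service names reported by sc query against the 70 names in the table and reports anything extra. It assumes service names without spaces and uses WinHttpAutoProxySvc, the name the service is registered under.

```batch
@echo off
rem Added example: report services that are not in the default
rem Server Core list from the table above.
setlocal enabledelayedexpansion

rem Baseline: the Service_Name column, space separated, with a
rem leading and trailing space so whole names can be matched.
set "BASE= AeLookupSvc AppMgmt BFE BITS Browser CertPropSvc COMSysApp CryptSvc"
set "BASE=%BASE% DcomLaunch Dhcp Dnscache DPS Eventlog EventSystem FCRegSvc gpsvc"
set "BASE=%BASE% hidserv hkmsvc IKEEXT iphlpsvc KeyIso KtmRm LanmanServer LanmanWorkstation"
set "BASE=%BASE% lltdsvc lmhosts MpsSvc MSDTC MSiSCSI msiserver napagent Netlogon"
set "BASE=%BASE% netprofm NlaSvc nsi pla PlugPlay PolicyAgent ProfSvc ProtectedStorage"
set "BASE=%BASE% RemoteRegistry RpcSs RSoPProv sacsvr SamSs SCardSvr Schedule SCPolicySvc"
set "BASE=%BASE% seclogon SENS SessionEnv slsvc SNMPTRAP swprv TBS TermService"
set "BASE=%BASE% TrustedInstaller UmRdpService vds VSS W32Time WcsPlugInService"
set "BASE=%BASE% WdiServiceHost WdiSystemHost Wecsvc WinHttpAutoProxySvc Winmgmt"
set "BASE=%BASE% WinRM wmiApSrv wuauserv "

set /a EXTRA=0

rem "type= service" skips drivers; "state= all" includes stopped services.
rem The second token of each SERVICE_NAME line is the service name.
for /f "tokens=2" %%N in ('sc query type^= service state^= all ^| findstr /b /c:"SERVICE_NAME:"') do (
    rem Removing " name " from BASE changes the string only if the
    rem name is in the baseline (the substitution is case-insensitive).
    if "!BASE: %%N =!"=="!BASE!" (
        echo Not in default list: %%N
        set /a EXTRA+=1
    )
)

echo %EXTRA% service(s) outside the default Server Core list.
exit /b %EXTRA%
```

Services installed by a role you added on purpose (DNS, DHCP and so on) will show up as well, so review the output against the roles you expect on that server.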

November 22, 2008

Server Core Commands

Filed under: Server 2008,Server Core — Rahul Patel @ 5:37 am

Server Core is a version of Windows Server 2008 that has a minimal Graphical User Interface (GUI).  I say minimal when most say command-line only because there are GUI tools available such as Notepad and Task Manager.  One thing that definitely doesn’t run on Server Core is the Explorer process.  If you’re unaware of what that process does, just end the explorer.exe process in Task Manager from your client and look what happens…don’t freak out, all you need to do is then go back to Task Manager and select File -> New Task (Run…) and then type explorer.exe.

Server Core Common Networking and Firewall Commands

Here is the start of your networking and firewall related commands for Server Core:

Server Core Common Networking Commands

To configure the IP address we will have to remember (or learn) Netsh.

Configure a Static IP Address on Server Core:
Netsh int ipv4 set address "Local Area Connection" static 10.1.1.10 255.255.255.0 10.1.1.1
Netsh int ipv4 set dnsserver "Local Area Connection" static 10.1.1.5 primary
Netsh int ipv4 set winsserver "Local Area Connection" static 10.1.1.6 primary

Configure a Dynamic (DHCP) IP Address on Server Core:
Netsh int ipv4 set address "Local Area Connection" source=dhcp

Change the name of the network interface on Server Core:
Netsh int set interface name="Local Area Connection" newname="Primary Network"

Server Core Common Windows Firewall Commands:

The Windows Firewall is a blessing to some and a curse to others. Either way it is installed by default and you have to understand the commands that are needed to configure the basics and in some cases some advanced commands.

Disable firewall:
netsh firewall set opmode disable

Server Core can be managed by using MMCs from a remote server. However with the firewall being on by default you will have to allow these tools to work remotely.  The first thing to note here is how to translate the MMC Snap-in to Windows Firewall Rule Group.

MMC Snap-in – Event Viewer
Windows Firewall Rule Group – Remote Event Log Management

MMC Snap-in – Services
Windows Firewall Rule Group – Remote Services Management

MMC Snap-in – Shared Folders
Windows Firewall Rule Group – File and Printer Sharing

MMC Snap-in – Task Scheduler
Windows Firewall Rule Group – Remote Scheduled Tasks Management

MMC Snap-in – Reliability and Performance
Windows Firewall Rule Group – Performance Logs and Alerts
Windows Firewall Rule Group – File and Printer Sharing

MMC Snap-in – Disk Management
Windows Firewall Rule Group – Remote Volume Management

MMC Snap-in – Windows Firewall with Advanced Security
Windows Firewall Rule Group – Windows Firewall Remote Management

To enable all of these rules, use this command:
Netsh advfirewall firewall set rule group="remote administration" new enable=yes

To enable a specific rule group, follow this format:
Netsh advfirewall firewall set rule group="" new enable=yes
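
As an alternative to turning the firewall off, the rule groups can be enabled one at a time for just the snap-ins you plan to use. This batch script is an added example, not part of the original post; the three group names are taken from the mapping above, and the list is meant to be edited to match your own needs.

```batch
@echo off
rem Added example: enable only the firewall rule groups needed for
rem the remote MMC snap-ins in use, leaving Windows Firewall on.
setlocal

rem Edit this list. Each entry is a rule group from the mapping above:
rem Event Viewer, Disk Management, Windows Firewall with Advanced Security.
for %%G in (
    "Remote Event Log Management"
    "Remote Volume Management"
    "Windows Firewall Remote Management"
) do (
    echo Enabling rule group %%G
    rem %%G keeps its quotes, so the group name is passed as one value.
    netsh advfirewall firewall set rule group=%%G new enable=yes
    if errorlevel 1 echo   FAILED for %%G, check the group name
)

rem Confirm the firewall is still on for every profile.
netsh advfirewall show allprofiles state

endlocal
```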

Server Core Domain and Server Management Commands

Server Core Common Domain Management Commands

Join a domain:
netdom join ComputerName /domain:DomainName /userd:UserName /passwordd:*
Yes, /passwordd:* needs to have that second d at the end of it.

Remove from domain:
netdom remove

Rename a Domain Member:
netdom renamecomputer %computername% /NewName: /userd: /passwordd:*

Rename Administrator:
wmic UserAccount where Name="Administrator" call Rename Name="new-name"

Add User to a Local Group
net localgroup GroupName /add \

Remove User from a Local Group
net localgroup GroupName /delete \

Confirm Domain and/or New Computer Name:
Set

Update User Passwords:
Net user [/domain] *

Server Core Common Server Management Commands

Toggle Remote Desktop on and off:
Cscript \windows\system32\scregedit.wsf /ar 0

Enable reduced security for RDP connections:
Cscript \windows\system32\scregedit.wsf /cs 0

Activate Server Core:
Local method – Slmgr.vbs -ato
Remote method – Cscript windows\system32\slmgr.vbs ServerName UserName password -ato

Rename a Stand-Alone Member:
netdom renamecomputer /NewName:

List of installed patches:
wmic qfe list

Install Updates:
wusa .msu /quiet

Configure for AutoUpdates:
cscript scregedit.wsf /AU 4

Disable AutoUpdates:
cscript scregedit.wsf /AU 1

View AutoUpdate Setting:
cscript scregedit.wsf /AU /v

Configure the Page File:
wmic pagefileset where name="" set InitialSize=,MaximumSize=

Configure a Proxy Server: (Server Core cannot use a proxy that requires a password)
netsh Winhttp set proxy :

All your favorite TCP/IP commands work including the following:
IPConfig
ARP
Ping
PathPing
TraceRT
Route
NSLookup
NetStat
NBTStat

List Running Services:
sc query

Start and/or Stop a Service:
sc start
sc stop

Task Manager: (Ctrl+Shift+Esc)
taskmgr

Manage Disk Volumes:
Diskpart /?

Defrag a Volume:
defrag /?

Change Time and Time Zone:
control timedate.cpl

Change the Desktop Resolution: (requires you to log off and back on)
Regedit – HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Video
000\DefaultSettings.XResolution
000\DefaultSettings.YResolution

Display the Time in the Command Prompt:
prompt [$t]$s$p$g

Log off:
shutdown /l

Restart Now:
shutdown /r /t 0

Installing Roles and Features on Server Core

To get the Roles and Features installed you are going to need to use the ocsetup.exe command. The OC is short for Optional Components. The most important thing to remember about this command is that IT IS CASE SENSITIVE!!! As a best practice you should always launch ocsetup.exe with start /w, as this keeps the Command Prompt from returning (so you cannot type again) until the setup is complete. Below you will find a list of the commands that are required to install Roles and Features on Server Core.

DNS
start /w ocsetup DNS-Server-Core-Role

DHCP
start /w ocsetup DHCPServerCore

File Services (Server service is installed by default) but there are other role features

File Replication Service
start /w ocsetup FRS-Infrastructure

Distributed File System
start /w ocsetup DFSN-Server

Distributed File System Replication
start /w ocsetup DFSR-Infrastructure-ServerEdition

Services for Network File System (NFS)
start /w ocsetup ServerForNFS-Base
start /w ocsetup ClientForNFS-Base

Hyper-V
start /w ocsetup Microsoft-Hyper-V

Print Server feature
start /w ocsetup Printing-ServerCore-Role

Line Printer Daemon (LPD) service
start /w ocsetup Printing-LPDPrintService

Active Directory Lightweight Directory Services
start /w ocsetup DirectoryServices-ADAM-ServerCore

Active Directory Domain Services
dcpromo /unattend:

Streaming Media Services
Follow directions found in Article ID 934518

IIS
start /w pkgmgr /iu:IIS-WebServerRole;WAS-WindowsActivationService;WAS-ProcessModel

To uninstall IIS use the following command
start /w pkgmgr /uu:IIS-WebServerRole;WAS-WindowsActivationService;WAS-ProcessModel

NOTE: If you need to uninstall a Role that you installed with ocsetup, all you need to do is append /uninstall to the commands above.

Now let’s take a look at how we install Features on Server Core:

Microsoft Failover Clustering
start /w ocsetup FailoverCluster-Core

Network Load Balancing
start /w ocsetup NetworkLoadBalancingHeadlessServer

Subsystem for UNIX-based applications
start /w ocsetup SUACore

Multipath IO
start /w ocsetup MultipathIo

Removable Storage
start /w ocsetup Microsoft-Windows-RemovableStorageManagementCore

Bitlocker Drive Encryption
start /w ocsetup BitLocker

Backup
start /w ocsetup WindowsServerBackup

Simple Network Management Protocol (SNMP)
start /w ocsetup SNMP-SC

Windows Internet Name Service (WINS)
start /w ocsetup WINS-SC

Telnet client
start /w ocsetup TelnetClient

NOTE: If you need to uninstall a Feature that you installed with ocsetup, all you need to do is append /uninstall to the commands above.

Having the Role or Feature installed doesn’t do much without going in and configuring the service. The quick and easy way to manage these Roles and Features is to either have a dedicated Terminal Server with the AdminPak or Remote Server Administration Tools (RSAT) installed, or just install those same tools on XP or Vista.
