Monday, April 23, 2018

Server Core: Navigating an old but new world

Lately, I've done a lot of posting on Server Core and one thing I've neglected to write on is how you actually navigate in this new world.

Starting with Windows Server 1709 (and at the time of this writing), the "current branch" models of Windows Server will not have a GUI and your one and only option will be to install the Core OS. This doesn't mean that the GUI is going away, think about Citrix installations, RemoteApp, and the vast majority of products (including Microsoft ones) that aren't supported on Server Core. So, take heart, the GUI isn't going anywhere, but will take a backseat into more what was called "Long Term Servicing".

The argument I hear all the time is that people don't want to use Core because it's not what they're used to. It's called "Windows" and some even argue if they want a command line interface, they'll switch to Linux.

I've discussed the benefits of a Core OS in other blogs, but I'm just going into using it. So, here are some tips and things to help you tolerate this new world a little better.

My disclaimer is simple, there are probably more things, more features, and some things I may have missed. I'm writing what comes to mind and what seems important to me.

Tip #1: Not everything is going to be there

Some Windows features like SMTP Server, WDS Server, and what not will not be supported. Also, some apps you may use like Azure AD Connect are not supported on Core. Unless you're testing, insure you have a supportability statement that whatever you run works on Core.

Tip #2: What's old is new

Nothing really changed in Server Core as it is still Windows. If you know the command line or PowerShell, this all works the same (assuming the app or feature is supported in Core). Okay, I'll go here, even VBScript has been known to work a time or two here...

Tip #3: There is Server Manager

Server Manager is a great "wimp out clause" if you want to install a role or feature remotely. Keep in mind Server Manager is smart enough to know that a feature isn't supported on Core. Keep in mind that Server Manager needs to be enabled first with this Windows PowerShell cmdlet: Configure-SMRemoting.exe -Enable.

Tip #4: Don't forget Group Policy and Preferences

Let's not forget with the Windows backbone that you have access to things like Group Policy. You can easily configure many items right from GPO with no scripting involved. Some examples? Windows Update, firewall settings, and Remote Desktop to name a few. I would suggest using different policies for Core as you won't need to worry about user interface items.

Tip #5: Most of your basic tasks: sconfig

There is a tool in Server Core called sconfig. For those not noticing, it is a VBScript. What the *)#&^$&*^ is a VBScript doing in Server Core when Microsoft is pushing PowerShell? Actually, this VBScript predated PowerShell being in Server Core, and just stayed.

What can you do with it? It's an older looking DOS command like menu that does the following (and more):

  • Change the computer name
  • Join the domain
  • Change IP v4 Settings
  • Change date and time
  • Set up Windows Update (and install updates)
  • Shutdown/Restart/Logoff the server

So, this tool can take care of a lot of the basics for you, even if there are plenty of tools that can help, like GPO, NTP, and the like.

Tip #6: There's always command line

So, when you can't do something via the GUI or remotely in Server Manager, there is always command line.

There are plenty of articles how to run netsh.exe to do firewall rules and set IP addresses. For that basic stuff, I would use sconfig to configure it.

If you have admins that just log into systems for the sake of rebooting them, you should look for another way around this.

Below is a table with some common tasks and ways to get around with the command line. This table isn't exhaustive, but shows you that there are command line ways to do a lot of things. Of course, you may want to season these commands more to your liking with other parameters...

Substitute Commands

Instead of this... Use this...
Log off the workstation shutdown -l Restart the workstation shutdown -r -f -t 0This can also be done remotely by adding -m \(computername) Analyze/Dump the System or Application Log PowerShell: Get-EventLog -LogFile System | Out-File (filename)Get-EventLog -LogFile Application | Out-File (filename) Check for Windows Updates wuauclt.exe /detectnow Install Windows Updates wuauclt /updatenow Get System Info systeminfo.exe (although msinfo32.exe still works) Manual Install of a driver (not needed if your hardware is plug and play) pnputil.exe -i -a (path to INF)

Tip #7: Some stuff does work

Now, this is an area to tread lightly in, because your results may vary here in what may work and what doesn't.

Some things I've noted that work, and this is not an exhaustive list, but some things to keep in mind:

  • Notepad
  • The SysInternals tools (the ones I use)
  • CMTrace
  • Some installers (get good with your command lines)
  • Very limited control panel applets
  • Anything that does not make calls to libraries or DLLs that are not included in Server Core. This may not be saying a lot, but if you see it works on Windows Server and not on Core, you may want to get a supportability statement from the vendor on it.

Tip #8: Remote Tools

We used to call this "single seat administration" back in the day, but the tools for a lot of the things needed on core can be loaded on a workstation. Think of things, but not limited to:

  • AD Users and Computers
  • Group Policy Management
  • WSUS Console
  • SQL Management Studio
  • MDT's Deployment Workbench
  • ...and plenty more...

The important thing to note is that the server will be under less pressure without the GUI (or local logon) and everything can be managed from an administrative workstation or jump server.

Tip #9: Some "oldie but goodie" techniques still work

Some tools like RDP is still available in Server Core, but it is nothing more than a command prompt. You still have access to things like Scheduled Tasks and SMB copies. You are not out in the dark.

There seems to be a big knowledge gap in managing Server Core, and for those who remember the command line (seems to be a distant memory), this isn't a bad thing. For those who have only known the mouse and keyboard, time to catch up a bit. But at the end of the day, this really isn't as hard as it looks. It just takes some time and patience, you'll get there...

— Easy link to my blog: http://aka.ms/leesteve
If you like my blogs, please share it on social media and/or leave a comment.



from TechNet Blogs https://ift.tt/2F9Yynp

No comments:

Post a Comment