Windows Server 2008 Core Admin Commands

Server Core Administration “Bible Commands”

Below is a correlation of commands for administering and configuring Server Core platforms. This has been pieced together over a period of time. Some commands will show real world examples, others are self explanatory. This guide will be an ongoing developing process.

Note:If your not ready for all these server core commands take a look at the product "Portlock SMART Suite for Windows", which provides a GUI for server core platforms and accomplishes many of these tasks.

What you will find (click on learn more below):

• Networking Commands
• Windows Firewall Commands
• Server Role Commands
• Administration Commands
• Windows Update Commands



Networking Commands

Show NICs
netsh interface ipv4 show interfaces

Show NIC Configuration
netsh interface ipv4 show config

Configure Static IP
netsh interface ipv4 set address name=”2” source=static address=xxx.xxx.xxx.xxx mask=xxx.xxx.xxx.xxx gateway xxx.xxx.xxx.xxx

Example: netsh interface ipv4 address name=”local area connection 2” address=192.168.1.231 mask=255.255.255.0 gateway=192.168.1.1

Add Primary DNS
netsh interface ipv4 add dnsserver name=”2” address=xxx.xxx.xxx.xxx index=1

Add Secondary DNS
netsh interface ipv4 add dnsserver name=”2” address=xxx.xxx.xxx.xxx index=2

Rename server
netdom renamecomputer oldname /NewName:newname

Example: netdom renamecomputer %computername% /NewName:server2003

Rename Domain Joined Computer
netdom renamecomputer %computername% /NewName: /userd: /password:*

Example: netdom renamecomputer %comtpuername% /NewName:HPDL380-

New /userd:test.local\john.doe /F5ght81rP:*

Add to Domain
netdom join servername /domain:domainname /userd:domain\username
/password:*

Example: netdom join dell2950-srv4 /domain:workgroup /userd:local.host\john.doe /F5ght81rP:*

Remove from domain:
netdom remove

Example: netdom remove /host.local

Confirm Domain/Computer name
Set
(Also see): systeminfo

Rename a Domain Member:
netdom renamecomputer %computername% /NewName: /userd: /password:*

Disable Interface
netsh interface set interface “Local Area Connection 2” disabled

Delete DNS entries
netsh interface delete dnsserver name=”2” address=all

Example: netsh interface delete dnsserver name=”dell2950-srv1” address=all

All TCP/IP commands available including the following:


IPConfig
ARP
Ping
PathPing
TraceRT
Route
NSLookup
NetStat
NBTStat

Windows Firewall Commands

Note: Once Windows Server Core has been installed, the firewall settings will be enabled by default

Disable firewall:
netsh firewall set opmode disable

Note: Server Core can be managed by using MMCs from a remote server. However with the firewall being on by default you will have to allow these tools to work remotely.

MMC Snap-in - Event Viewer
Windows Firewall Rule Group - Remote Event Log Management

MMC Snap-in - Services
Windows Firewall Rule Group - Remote Services Management MMC Snap-in - Shared Folders

Windows Firewall Rule Group - File and Printer Sharing
MMC Snap-in - Task Scheduler

Windows Firewall Rule Group - Remote Scheduled Tasks Management
MMC Snap-in - Reliability and Performance

Windows Firewall Rule Group - Performance Logs and Alerts

Windows Firewall Rule Group - File and Printer Sharing

MMC Snap-in - Disk Management
Windows Firewall Rule Group - Remote Volume Management

MMC Snap-in - Windows Firewall with Advanced Security

Windows Firewall Rule Group - Windows Firewall Remote Management
To enable all of these rules follow use this command:

Netsh advfirewall firewall set rule group=“remote administration” new enable=yes

To enable specific commands follow this format:
Netsh advfirewall firewall set rule group=“” new enable=yes

Server Roles
The ocsetup.exe is used to install roles and features. (OC stands for optional components)

Note: This command is case sensitive

The following server roles may be installed with Windows Server 2008 Core:

• Active Directory Domain Services (AD DS) and AD Lightweight Directory Services (AD LDS)
• DNS Server
• Internet Information Services (IIS) (No ASP.NET support)
• DHCP Server
• File Services
• Print Services
• Streaming Media Services
• Hyper V

Discover available server roles:
Oclist

DNS
start /w ocsetup DNS-Server-Core-Role

DHCP
start /w ocsetup DHCPServerCore

File Services (Server service is installed by default) but there are other role features

File Replication Service
start /w ocsetup FRS-Infrastructure

Distributed File System
start /w ocsetup DFSN-Server

Distributed File System Replication
start /w ocsetup DFSR-Infrastructure-ServerEdition

Services for Network File System (NFS)
start /w ocsetup ServerForNFS-Base
start /w ocsetup ClientForNFS-Base

Hyper V
start /w ocsetup Microsoft-Hyper-V

Print Server feature
start /w ocsetup Printing-ServerCore-Role

Line Printer Daemon (LPD) service
start /w ocsetup Printing-LPDPrintService

Note: Adding or removing the Active Directory role with OCSetup.exe is not supported. Always use DCPromo to install or uninstall Active Directory

Active Directory Lightweight Directory Services
start /w ocsetup DirectoryServices-ADAM-ServerCore

Active Directory Domain Services
dcpromo /unattend:

Streaming Media Services
Follow directions found in Article ID 934518

IIS
start /w pkgmgr /iu:IIS-WebServerRole;WAS-WindowsActivationService;WAS-ProcessModel

To uninstall IIS use the following command
start /w pkgmgr /uu:IIS-WebServerRole;WAS-WindowsActivationService;WAS-ProcessModel

Microsoft Failover Clustering
start /w ocsetup FailoverCluster-Core

Network Load Balancing
start /w ocsetup NetworkLoadBalancingHeadlessServer

Subsystem for UNIX-based applications
start /w ocsetup SUACore

Multipath IO
start /w ocsetup MultipathIo

Removable Storage
start /w ocsetup Microsoft-Windows-RemovableStorageManagementCore

Bitlocker Drive Encryption
start /w ocsetup BitLocker

Backup
start /w ocsetup WindowsServerBackup

Simple Network Management Protocol (SNMP)
start /w ocsetup SNMP-SC

Windows Internet Name Service (WINS)
start /w ocsetup WINS-SC

Telnet client
start /w ocsetup TelnetClient

NOTE: If you need to un-install a Role that you installed with ocsetup all you need to do is to use the commands above with /uninstall.

To uninstall a server role:
Start /w ocsetup /uninstall

Example: start /w ocsetup Microsoft-Hyper-V /uninstall

Admin Configuration

Activate the Server
(Local Method )
C:\widows\system32\cscript slmgr.vbs –ato

(Remote method)
Cscript windows\system32\slmgr.vbsServerName UserName password:-ato

Enable Remote Desktop for Administration
C:\windows\system32\cscript scregedit.wsf /AR 0

Restart server
shutdown /r t 0
shutdown /r

Log off
logoff

Logged on user
whoami

Start Task Manager
taskmgr

Rename Administrator:
wmic UserAccount where Name="Administrator" call Rename Name="new-name"

Add User to a Local Group
net localgroup GroupName /add \

Remove User from a Local Group
net localgroup GroupName /delete \

Update User Passwords:
Net user [/domain] *
Net user administrator *

Toggle Remote Desktop on and off:
Cscript \windows\system32\scregedit.wsf /ar 0

Enable reduced security for RDP connections:
Cscript \windows\system32\scregedit.wsf /cs 0

Rename a Stand-Alone Member:
netdom renamecomputer /NewName:

Configure the Page File:
wmic pagefileset where name=”” set InitialSize=,MaximumSize=

Configure a Proxy Server: (Server Core cannot use a proxy that requires a proxy)
netsh Winhttp set proxy :

List Running Services:
sc query

Start and/or Stop a Service:
sc start
sc stop

Manage Disk Volumes:
Diskpart /?

Example: (format disk)
Diskpart
List disk
Select disk 1
Clean
Create partition primary
Active
Format fs=ntfs
Assign
exit

Defrag a Volume:
defrag /?

Example: defrag –c
(defrags all volumes on computer):

Change Time and Time Zone:
control timedate.cpl

Change the Desktop Resolution: (requires you to log off and back on)
Regedit - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Video
\0000\DefaultSettings.XResolution
\0000\DefaultSettings.YResolution

Display the Time in the Command Prompt:
prompt [$t]$s$p$g

Note: to remove time log off and log back in
Enable error reporting
serverWerOptin /detailed
serverWerOptin /summary
Disable Error Reporting
serverWerOptin /disable

Windows Updates

Note: Windows updates config commands should be performed from c:\windows\system32

List of installed patches:
wmic qfe list

Install Updates:
wusa .msu /quiet

Force Update check
Wuauclt /detectnow

List installed updates:
systeminfo

Configure for AutoUpdates:
cscript scregedit.wsf /AU /4

Example: Cscript c:\windows\system32\scregedit.wsf /au 4
Net stop wuauserv
Net start wuauserv

Disable AutoUpdates:
cscript scregedit.wsf /AU /1

View AutoUpdate Setting:
cscript scregedit.wsf /AU /v





Thursday, January 22, 2009

0 comments: