Latest posts by Sander Berkouwer (see all)
- Review: Softerra Adaxes - Automating Active Directory management - Thu, Jun 4 2015
- Azure Multi-Factor Authentication - Part 8: Delegating Administration - Tue, Apr 28 2015
- Azure Multi-Factor Authentication - Part 7: Securing AD FS - Thu, Apr 23 2015
Server Core Default settings ^
A fresh Server Core installation of Windows Server 2012 is an image-based installation, with the following default settings:
- Its hostname is a random name, beginning with WIN- followed by 11 random characters to form the maximum allowed 15-character NetBIOS name.
- It is a member of the WORKGROUP workgroup.
- Its network interface cards are set to request an IPv4 IP address from a DHCP server. If it does not receive an IP address from a server, it will configure a 169.254.x.y Automatic Private IP Address with 16-bit subnet mask, as defined in RFC 3927. IPv6, by default, is enabled with a fe80 site local link. 6to4 is disabled.
- Remote Management through both WINRS and WINRM is enabled by default for the local network. Remote Desktop is disabled by default.
- Windows Update is set to manual by default.
- Its default time zone is (UTC -8:00) Pacific Time (U.S. and Canada) and is set to synchronize with time.windows.com. By default, you will be notified when the clock changes.
- The Customer Experience Improvement Program (CEIP) is not joined.
Depending on the installation media used, the Server Core installation is either configured with a Generic Volume License Key (GVLK) and configured to automatically activate against a KMS Server, or is configured through Active Directory-based Activation. If you have entered a product key during Windows Setup, the Server Core installation will be configured to activate depending on the type of product key.
Now, these settings might not be to everybody’s pleasing, so let’s find out how to change them:
Changing the IPv4 address ^
To change the IPv4 addressing on your Server Core installation, type sconfig.cmd at the command line, and then choose option 8 by hitting that number on your keyboard. Select the network adapter from the list by typing its index number.
Type 1 and then S to provide a static IPv4 address. Type the IP address to use, and then press Enter. Then, type the Subnet Mask and press Enter. (Or just hit Enter when the default Subnet Mask is what you want.) Then, type the IP address of the Default Gateway (nearest router) and press Enter.
Tip!If you want to undo your action and revert the server back to being a DHCP client, simply go into Network Settings (option 8 in sconfig.cmd), select the network interface, and type 1 and then D.
Your Server Core installation will not be able to go onto the Internet, or reach Active Directory, since it doesn’t yet have the proper name resolution. The most convenient way to do that is by specifying one or more DNS servers. While in Network Settings with the network adapter selected, type 2. Then, type the IP address of your preferred DNS server and press Enter.
To remove your DNS server configuration, while in Network Settings with the network adapter selected, type 3.
To script an IPv4 address change, one option is to use netsh.exe. The following two commands will change the IPv4 address, subnet mask, and default gateway for the interface with index 12 (the default) and will appoint a DNS server to resolve names:
netsh interface ipv4 set address name=12 source=static address=192.168.0.1 mask=255.255.255.0 gateway=192.168.0.254
netsh interface ipv4 add dnsserver name=12 address=192.168.0.254
However, because the netsh.exe command will be deprecated, using PowerShell is more appropriate. Use the following one-liner to change the IPv4 address on your Server Core installation:
New-NetIPAddress -InterfaceIndex 12 -IPAddress 192.168.0.1 -PrefixLength 24
Set-DnsClientServerAddress -InterfaceIndex 12 -ServerAddresses ("192.168.0.254","188.8.131.52")
Simply change the italic values to values that make sense for your environment.
Changing the hostname ^
To change the NetBIOS hostname of your Server Core installation, type sconfig.cmd at the command line. Select option 2. Type the new hostname and press Enter. In the pop-up titled Restart, answer Yes to the question “You must restart your computer to apply these changes. Restart now?”.
If you want to script changing the hostname, you can use netdom.exe. The following command can be used:
Netdom renamecomputer localhost /newname:NewComputerName /force /reboot
In PowerShell (start it up by typing it at the command line), use the following two commands:
Joining a domain ^
If you want to make your Server Core installation a member of your Active Directory environment, again, type sconfig.cmd at the command line, but this time select option 1. Press D and then type the DNS name of the Active Directory domain to join, and press Enter. Then, provide the user name for an account with sufficient rights to join the computer to the domain, and press Enter. A separate prompt will pop up, asking for the password.
Alternatively, you can use the following command:
Netdom join localhost /domain domain.tld
Or, fire up PowerShell (by typing it at the command line) and use:
Add-Computer -DomainName domain.tld
Server Core - Domain Join
After successfully joining the Server Core installation to the domain, use Restart-Computer to restart the server.
Enabling Remote Desktop ^
To enable a Remote Desktop session on your Server Core installation, you can use sconfig.cmd. Option 7 offers the ability to enable it (by typing E and pressing Enter) or disable it (by typing D and pressing Enter).
When you enable it, you can enable it with or without Network Level Authentication (NLA). Enabling it will be more secure, but you won’t be able to make a connection from Windows XP Service Pack 2 and earlier versions of Windows.
If you want to do this the manual way, using SCRegEdit.wsf is the easiest way. The following command enables Remote Desktop:
Cscript C:\Windows\System32\SCRegEdit.wsf /AR 0
This command will also automatically create the firewall exception for you. This makes using SCregEdit.wsf the preferred method over the various registry methods. Note, however, that this command is case sensitive.
Configuring Windows Update ^
Although it would be a best practice to configure Windows Update centrally with Group Policy and one or more Windows Server Update Servers, you can also enable it manually.
Configuring it through sconfig.cmd is the fastest way. Option 5 offers you the choice between (A)utomatic and (M)anual. Automatic settings will check for and install updates every day at 3:00 AM. Option 6 lets you download and install updates. One of the choices here is to search for (A)ll updates or (R)ecommended updates only.
If you want more granular control over Windows Update settings, SCRegEdit.wsf comes to the rescue once again. The following command enables automatic Windows updates:
Cscript C:\Windows\System32\SCRegEdit.wsf /AU 4
Net stop wuauserv
Net start wuauserv
If you want to change the time Windows updates are installed automatically, you can change the value of the ScheduledInstallTime key in HKLM\Software\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update. Use Regedit.exe for this.
If you want to check which Windows updates have been installed, run the following command:
Wmic qfe list
Changing the screen resolution ^
In previous versions of Windows Server, it was a bit tricky to change the screen resolution. Most of the time, Server Core admins resorted to third-party tools. In Windows Server 2012, sconfig.cmd also doesn’t offer this functionality, but Microsoft introduces two new PowerShell cmdlets:
The Set-DisplayResolution cmdlet is really useful. Start PowerShell (by typing it at the command line). Then, the following command will change the display resolution to 1280 x 768:
Set-DisplayResolution -Width 1280 -Height 768 -Force
You can also interactively use Set-DisplayResolution by simply typing the command. It will ask for a value for Width and Height. It will then change the resolution. You can either accept it with Y or revert to the previous screen resolution by typing N.
Activating Server Core ^
When you’ve successfully configured your Server Core installation, and you have the feeling you won’t be able to mess up its core configuration, it’s time to activate it. When you’ve implemented Key Management Services (KMS) or Active Directory-based Activation, your installation might already be activated and you don’t need to activate it at the command line. If you do want to activate the installation at the command line, use the following commands:
Slmgr.vbs -ipk THISI-SNOTA-LEGIT-PRODU-CTKEY
To check whether your Server Core installation activated correctly, use slmgr.vbs -dli or slmgr.vbs -dlv.
Configuring basic settings on Server Core installations of Windows Server 2012 is easy with sconfig.cmd, but it can also be done and scripted using other tools. With its hostname, IP addressing, updates, and activation in place, it’s time to see how you, as admin, can manage Server Core installations from the comfort of your office seat. This will be the subject of my next two articles.