Server Core 2008

One of the new features of Windows Server 2008 makes me kind of shiver with dred. Why?

Because I suck at command prompt.

And you all know this. As I'm typing, I make typos, I hit enter too early, I forget syntax, etc. Basically every single error that I could possibly make, I make. Which makes for frustrating times for Ben.

Command prompt? Isn't this a step backwards?

Well, yeah, in a way. Server Core is an installation of Windows Server 2008 which installs nothing but the bare essentials. And when I say "nothing", I mean nothing! Gone is the familiar desktop icons and even the Start button and taskbar. All we're presented with is a command prompt window. Creepy. This scaled down version of Server is Microsoft's way of reducing the attack surface of a server to almost nothing. That, from a security point of view, is pretty nice.

Installing Server Core is easy enough. At installation, you are presented with a screen asking which Windows implementation you'd like to install. Mostly, you'll be choosing the first choice, which is to install Windows normally (and that's with a Start button), but if you're wanting this handy-dandy-extra-secure-no-frills OS, then you'll want to click on the Core installation. Windows will install normally, but you'll notice that there is no opportunity to set up, well, anything! All this must be done later, manually, through the command prompt.

Changing User Information

Logging onto Server Core was kind of weird the first time after installation. I had never set up a user or anything, but there I was: looking at a logon screen requesting logon credentials. Hmm. Typing in Administrator with no password worked. Obviously, this is extremely wide-open, so we'll need to seal up the user account with a nice, complex password. But with no Users and Computers app, how would we do this?

net user administrator *

This now presents us with a place to type in a password for the administrator account. I type in the password (our class-favorite P@ssw0rd, if you're wondering). There! Account locked-down and secure!

Computer Naming and Joining a Domain

Now, taking advantage of Server's new "whoami" command, I see that my computer name is something freakin' strange: lh-7y6gi6m11swi. Hardly memorable. I'd like something just a touch easier to remember, like ServerCore. So, here we go in command prompt land:

netdom renamecomputer lh-7y6gi6m11swi /newname ServerCore

After a warning message about some services possibly getting messed up, and a message saying I need to reboot, I now have a much friendlier computer name on my network.

As you can see, not exactly hard stuff, but still enough to stump the uninitiated. Ok, we'll reboot with this command:

Shutdown /r /t 0

And once we're back, we'll join the domain:

netdom join ServerCore /domain:bensbaldhead.com /userd:bbedo /passwordd:P@ssw0rd

... and then reboot just like above.

Installing a Server Role

We're going to use this ServerCore computer as a DNS server. Installing DNS onto a 2003 Server or even 2008 "normal" server required going to Add/Remove Programs, but since there is no Control Panel in Server Core, we'll have to use the old fashioned command prompt for this too:

start /w ocsetup DNS-Server-Core-Role

After about 2 minutes, I see the command prompt again and DNS is installed. No wizards, no messages in the command line, even. What about administering DNS? Ha ha ha! We're using the DNSCMD tool (or just administering remotely).

I must say, after using it for a while, it does start to feel better -- learning commands, etc. and with the lowered vulnerability, Server Core is pretty nice.

Strategies for Success - 6/27/2007

Welcome to Strategies for Success. Today we got to know each other a little bit and I briefly went over some of the stuff we'll be doing this quarter. One of the topics that we covered today were scatomas -- the way that we are blind to seeing something. We (ok, Uncle L0u) talked about the ways that scatomas can affect our lives and get in the way of our successes. Rememeber scatomas the next time you have any thoughts that you can't do something or aren't good enough -- you are!!

Remember to check out http://www.loutice.com and sign up for Lou Tice's Winner's Circle Network e-mail!

Welcome!

Hi, and welcome to my blog! This blog will allow you to keep up with what's going on in class this quarter. I plan on making brief posts after each class which will summarize what we've done that day and list any assignments I may give.

I've designed this blog to be a tool -- an extension of me outside the class, if you will. On this blog, you will find Powerpoint slides (if applicable), links to stuff I think you should know, and some links to some stuff I just think is cool.

Be sure to check this page often! You'll never know what kinds of good things will pop up here (extra credit has been known to rear it's quite-attractive head here from time to time).

Please leave a comment below! I love getting comments...

Pro-Server - 6/26/2006

Tonight we did Chapter 3, which discussed the Disk Management features of Windows XP. Included in this discussion was the difference between Basic and Dynamic disk sets, how to convert back and forth between them, how to partition and format a drive with Disk Management, and how to configure compression or encryption for folders and files.

Remember, quiz on Monday, 7/2 over Chapters 1-3, and homework from 6/25 and 6/26 is due the same night.

Have a great rest of the week!

Homework

• Chapter 3 - Review Questions; Scenario 3.1

Designing Network Infrastructure - 6/26/2007

On this joyous first day of class, we covered Chapter One which gives us all kinds of nitty-gritty on researching a company and their situation before diving headfirst into upgrading their network. Our lab looked at several tools which allow us to get a look under the hood (so to speak) of what's going on on our servers. Most of these tools, like Device Manager, MSConfig, MSInfo32, etc. were tools that we've used before. Others, like the command line tool SC, were used for the first time.

Homework:

• Chapter One: Review Questions
• Chapter One: Lab Review Questions (pg 13 in the lab manual!)

Managing a Windows Network - 6/26/2007

This morning we started out the class by doing the first two chapters in our book, which cover the basics of Windows Server 2003 and Active Directory respectively. We used our mad computer skills to install AD twice -- once from CD media like normal people, and the other install from a backup of the first -- over the network. Oh yeah. Burn that, money-love.

Homework:

• Chapter One - Review Questions
• Chapter Two - Review Questions

Pro/Server - 6/25/2007

Great class tonight guys -- we finished Chapters One and Two, which dealt with Windows XP basics and installation. Remember about the three types of "advanced" installations: the unattended install, the sysprep (ghost) install and the RIS server install. Make sure you can differentiate between them and know when the best times to use them would be.

Your unattended installs are working right now, and hopefully everything's going well. I'll see in about 10 hours. :)

Homework:

• Chapter One - Review Questions 1-5
• Chapter Two - Review Questions 1-8; Case Scenario 2-1

MS Excel - 6/25/2007

Today we did the first part of Chapter 1 -- Project 1A. This project covered the basics of Excel, including navigation, editing processes, headers and footers, etc. Next week, we will do Project 1B and have some homework where you'll practice what we went over this week.

Homework:

• No homework!

It's Almost Summer!!!

And by summer, I mean summer quarter. (Although, it is almost summer for real -- what, tomorrow?)

ANYWAY.

I thought I might take some free time I have and update the old blog and let you know some things that are in store for us this quarter.

My Teaching Schedule
I've had a couple of you ask what my schedule will be for summer, and here it is:

Monday Afternoon: MS Excel
Monday Evening: Windows XP Pro (NSA 260)
Tuesday Morning: Managing Windows Networking (NSA 218)
Tuesday Afternoon: Designing Network Infrastructure (NSA 264)
Tuesday Evening: Windows Server 2003 (NSA 261)
Wednesday Morning: Strategies for Success

I'm really looking forward to teaching the Strategies class.

Changes in Teaching Styles
Yes, once again, I will be undergoing changes in the way I run class. It's a minor change really -- NSA people, you will experience the same mostly-lab-little-bit-o-ben-lecturing that you're used to, but I'm reinstating weekly homework. I realize that will mean a considerable amount of work for you as students, and I can totally empathize, but information just hasn't been retained recently as well as I'd like it to be.

Ben's Blog Will (Hopefully) Be Utilized More
Ben's Blog now has its own domain name (www.benbedo.com -- try it out!) as well as downloadable powerpoints of what I hand out in class. During the first week or so, I'll be soliciting links to your own websites, if you'd like to share them. Also, I plan on posting more informative posts, like the one on Virtualization, as the quarter goes on, just to provide a richer learning environment.

It's going to be a great quarter!! See you next week!

Virtualization

Virtualization is shaping up to be a big deal in the IT industry.

It makes sense. Many of the server boxes manufactured today far and away exceed the requirements necessary for the typical server's one-maybe-two roles. From a beancounter's prospective, this is extremely wasteful -- why buy five brand new boxes that each only use 20% of their potential? Wouldn't it make more sense to buy one box and max it out?

That's exactly what virtualization allows us to do. Gone are the days where having a 10 box server farm is required. If we wanted to, we could throw all of those old boxes onto a single new box and be praised for saving the company money.

Server 2008 will include (via add-on) a product currently known as Viridian which is a method of accelerating hardware virtualization and makes running virtual servers a little easier. It won't be ready in time for the Server 2008 release (whenever that is), but we're assured by M$ that it will be available sometime soon after.

Virtualization is relevant to you guys, as students, too. As you probably are aware, we use virtualization to make your lives easier in class (ok, let's be honest: it makes my life waaaay easier). If you haven't already, I urge you to download Virtual PC 2007 (Microsoft's virtualization software that's not designed to run a server farm in production!) and use it to practice the concepts we go over in class. It will, in effect, give you a second home computer (running on the first) and keeps the rest of your family happy by providing them a way not to have their home PC reformatted every couple of weeks by the resident geek (that would be you).

So, back to the issue of how Virtual PC makes my life easier: I spent part of the afternoon preparing your hard drives for the upcoming summer quarter. Out of my six classes, I have four in "the dork lab" which require computer use. Using an external DVD drive, I was able to flash everyone in those four classes with their PCs that they'll use for the quarter. What we used to have to do is have an "install" day where we just installed OSs for the entire class -- burning a week of class in the process. Now we can hit the ground running! Total time to get four classes worth of hard drives ready: two hours. Nice.

Designing AD/NI - 6/18/2007

Nothing but the final. See ya next week!

Implementing Active Directory - 6/18/2007

fin.

Implementing Network Infrastructure - 6/18/2007

Nothin' today but the finals. Have a great (4 day) break! See ya next week!

File System Features in Server 2008

I hesitiated blogging about this before fully researching it, but then decided against my better judgement and here I am spewing forth about it. This TechEd session I attended last Monday struck me as extremely interesting because it dealt with the (at least in my arena) little-dealt-with topic of file serving.

This juicy little morsel of ... whatever ... is officially called "File System Resource Manager" and it allows an administrator control over what files are stored on his/her server. Everything I've taught in dealing with user file management has been the use of Quotas which are, you'll remember, a restriction as to how much disk space can be used per individual user. This is all well and good but doesn't give you much control. I mean, who's to say that Amy isn't going to just fill her user account space with a bunch of bomb-making plans and porn? Just because Amy's "files" don't take up more than the amount of space I've allotted, we're OK, right? Mmm, notsomuch.

The File System Resource Manager (FSRM) is installed automatically when you install the File Server role in Server 08. It's run from an MMC, like most utility tools in server and can allow you to control not only how much space each user gets, but how much space each folder is allotted and what types of files can get stored. For example, if I wanted to be hard-nosed about it, I could ban .mp3s on the file server. Or, I could allow only .doc, .xls and .ppt files and ban all others. Or I could give you 500 MB of space, but only 5 MB of it could be used for .mp3 files. The possibilities are endless. Oh, I could also set up custom reports to be e-mailed to either users and/or admins when rules are violated or quotas are close. Depending on how you look at it, Big Brother has one more step on you.

Here's what's really cool: this isn't a new feature. That's right, Cheech, FSRM made its debut in Windows Server 2003 R2. I still haven't played with it though (which is why I hesitated even blogging about it yet). But it seemed like such a cool feature that I just had to share it.

Managing a Network Environment - 6/12/2007

Final Exam!!! Yay!

MS Exchange - 6/12/2007

The final.

We had a guest student, Risa Driver, who took the final and didn't do too bad on it. I used some of her points to curve the sucker, and grades were given out.

It's been fun!

Troubleshooting - 6/12/2007

Last day o' school.

Fun was had by all.

Designing AD/NI - 6/11/2007

Just like the two morning classes, tonight was the final lecture night for this class. We covered Chapter Nine, which dealt with network connection and access issues. I also handed out grades and indiciated whether or not you'll need to be here for the final on the 18th.

See ya when I see ya! :)

Implementing Active Directory - 6/11/2007

Finishing the class was in order today as well, as we chalked up chapters 11 & 12 to finish the book. As in NI, I passed out your grades and whether or not you need to show up next week for the final.

Implementing Network Infrastructure - 6/11/2007

Today we finished the book by completing Chapter 9. I also passed out grades for the final and those who need to show up next Monday know who they are.

Group Policy with Vista/Server 2008

One of the coolest demonstrations I saw at TechEd had to do with the new improvements to Group Policy for Server 2008 (due later this year). Many of these improvements require a Vista client, but it was sincerely cool to see some of the things you could do via the GroupPolicy improvements.

One of the major hangups with Group Policy in current implementations is the sheer amount of space they take up. For each policy, there is an associated .ADM file that goes along with it. This .ADM file, by the way, only supports English and is a whopping 3.5 MB. That may not seem like a big deal, but remember that for each policy that exists on your network is a new .ADM file and a new 3.5 MB. If we had 100 different policies, there's 350 MB of stuff that we then need to back up. Vista/Server 2008 allow us to use .ADMX files, which are based on (you guessed it) XML which is a lot more lightweight. And, with the new .ADML file, we can have multiple languages (you could, in theory, invent your own language, as long as you didn't mind putting in the extra time making an .ADML file).

What's also cool is that Vista allows us to have multiple local policies -- which is great news if you have a home computer and want to set up highly personalized restrictions based on the user who logs on.

One of the companies that Microsoft has been gobbling up lately has included DesktopStandard, the maker of GPOVault and PolicyMaker. I won't go into all the cool features that these programs bring to the table. But one, in particular, really made me drool: PolicyMaker effectively does away with scripts. Seriously. As a poor scripter, I can't tell you how happy this makes me.

In a nutshell, it allows you, via Group Policy to do tedious tasks formally limited to scripting, such as drive mapping, printer setup, etc. And on top of that, you can filter where these tasks are applied. For example, if I told you that I wanted a script that mapped the S: to a network share called \\server3\slowcomputers\leanfiles but only for computers with less than 192 MB of RAM and only if those computers are on a certain subnet you'd probably look at me dumbfounded. (I know I would!) But with PolicyMaker (which will be integrated into GPMC in Server 08) all you have to do is place a couple of checkmarks and pull a couple of dropdowns and Wa-lah! You now have the answer to your scripting problem.

And that gives you more time for FreeCell.

TechEd Update

Hey everyone! I'm posting from a giant room (with 4 jumbo-trons!) waiting for a seminar on "Active Directory in Server 2008". Sounds interesting, right? Right?

This week has been amazing. I've learned so much stuff and I can't wait to get back to BG and share it with you. Here's a sampling of some stuff I've picked up so far (and there's still a day and a half left!)

SysInternals
Terminal Services in Server 2008
Group Policy Inside Vista
Windows Activation (this was kind of an awkward discussion - more later)
Computer Hacking - What To Look For/Defend Against
LiteTouch (say goodbye to answer files and hello to an MMC snap-in!)
Packet Analyzing
Active Directory in Server 2008

Keep watching for posts. Also, remember! Please comment on "The Return" (it's below this one) and let me know what you think about my ideas for the future of this blog. If you do comment on "The Return" before 8:00 a.m. on June 11, I'll give you ten points extra credit (the equivalent of two days' worth of attendance points!)