PowerShell

Meet the new Server Core Program Manager!

When I took my first steps with Server Core installations, I met the Principal Program Manager for Server Core within Microsoft at its TechEd event: Andrew Mason.

Andrew is responsible for all the work done in the Server Core area, wrote at the Server Core blog, supplied answers on the TechNet Forums, and presented several times on the benefits of using Server Core installations compared to Full installations. Andrew is also responsible for making Server Core the default installation option in Windows Server 2012.

A while ago, I noticed Andrew wasn’t with Microsoft anymore.

After some investigation, I found out Andrew is now working with Amazon, apparently following the path laid out by Steve Riley and Jesper Johansson. Of course, I wish him the best of luck!

It also leaves the question on who’s the Program Manager for Server Core today unanswered…

Well. That question didn’t last long unanswered, since I met the Program Manager for Server Core last month, during a special MVP party at the balcony of the Palacio de Cibiles in Madrid during TechEd Europe 2013.

Benjamin Herila

Benjamin Herila

Not only is Benjamin currently leading the team improving on Server Core functionality in Windows Server. He also is the guy that wrote the Get-DisplayResolution and Set-DisplayResolution PowerShell Cmdlets and the underlying setres.exe executable. These bits allows us to easily change the display resolution on the command line in both Server Core and Full installations of Windows Server 2012 and beyond.

So why is this important?

If you want to keep up to date with Server Core (or any featureset of a Microsoft product), it’s good to have the name of the Program Manager, since this is the person responsible for most of the communication around the featureset and most of the presentations at both internal and external Microsoft events.

For instance, one of Benjamin’s presentations is already available online through Channel 9. Also, the last five posts on the Server Core blog have been written by Benjamin.

So, when you attend a Microsoft event and are looking for Server Core presentations, pick Benjamin Herila from the speaker list and go see his presentation(s)!

On the TechNet Forums, Benjamin has already supplied answers on several questions, related to the work his team does. It’s not just Server Core, but also Windows Server Update Services (WSUS). If you see an answer from Benjamin, you’ll know it’s the definitive answer.

Cheers, Benjamin! Martini glass

KnowledgeBase: Server Core Web Servers are not manageable remotely by default

Pre-Web-iconIn Windows Server 2012 and Windows 8, Server Manager can be used to remotely manage both Full Installations and Server Core Installations of Windows Server 2012.

Tip!
To gain access to the Server Manager functionality in Windows 8, install the Remote Server Administration Tools package. Next, you can use the Start Screen to search for the Administrative Tools folder. You will find a shortcut to Server Manager in this folder.

 

One of its features is the ability to install and uninstall Server Roles and Features remotely. This is extremely helpful in scenarios where you’d want to install multiple servers with the same Server Role at once (like the Web Server Role), but also when you’re managing Server Core installations, since Server Manager provides a graphical user interface (GUI) to make you easily achieve a lot of your configuration tasks.

 

The challenge

Many of the Server Roles available in Server Core can be installed and configured remotely. I know many admins like to use Server Manager and the Remote Server Administration Tools to manage their Server Core installations that way. Therefore, I find it a shame, that the Web Server Role cannot be installed to a basic configured state using the above method. Sad smile 

The Web Server Server Role can be installed on its own, but it is also installed when you install one of the next Server Roles in Windows Server 2012:

  1. FTP Server
  2. DirectAccess Server
  3. IP Routing
  4. Windows Server Update Services

When you try to connect with the Internet Information Services (IIS) Manager from a remote Windows Server 2012 installation, after you install the Web Server Role or any of the Server Roles above, you will be presented with an error message:

IISMgrUnableToConnect

The explanation

The root of the problem is, by default, when you install the Web Server Server Role on Server Core, the Web Management Service Role Service is not installed by default.

Security, Part 1

The reason Microsoft does not install the Web Management Service is this would mean a setback from a security perspective to the Windows 2000 Server days (where Internet Information Services were installed and enabled by default on each install). To be frank, not all Web Servers need a remote web management service, listening on management requests. Indeed, with access to the console, the many Internet Information Services-related PowerShell Cmdlets and, of course, the Web Platform Installer, remote management isn’t always needed.

 

To make things worse, even if you pay attention during the installation of the above Server Roles, you still wouldn’t be able to manage Web Servers remotely with the Internet Information Services (IIS) Manager, since the Web Management Service is not configured or started, by default.

Security, Part 2

Although the Web Management relies on authentication to be accessible and the communication between the Internet Information Services (IIS) Manager is encrypted (optionally), opening a management service listening on a TCP port is a bad idea for publicly connected machines. Therefore, the Web Management Service, by default, is not configured for remote management and its service is not running after installation.

 

This configuration can be done … wait for it… through the registry. Confused smile

You can perform these changes through Group Policy Preferences (for domain-joined Web Servers, FTP Servers, WSUS Servers, DirectAccess Servers and IP routers. Alternatively, you can use Remote Registry access or script the change with *.reg files through PSExec. Regedit.exe, however, is available on the command line of Server Core installation, so you can make this change on the console itself.

Of course, after a change, the Web Management Service (WMSVC) needs to be configured to start automatically and, then, started.

 

The solution

So, to manage a Web Server remotely, you will need to perform the following actions:

  1. Install the Web Management Service Role
  2. Configure the Web Management Service
  3. Configure the Web Management Service to start automatically
  4. Start the Web Management Service

Install the Web Management Service Role

Install the Web Management Service Role on your Server Core installation by either installing it through Server Manager on a Full Installation of Windows Server 2012.

To install the Web Management Service from the console of your Server Core installation, run the following PowerShell command:

Install-WindowsFeature Web-Mgmt-Service

 

Configure the Web Management Service

The Web Management Service can be configured through the Registry. Its settings are located in HKLMSoftwareMicrosoftWebManagementServer.

Simply start the Registry Editor on the console of your Server Core installation by typing regedit.exe, and change he value for EnableRemoteManagement from 0 to 1. Close RegEdit with Alt+F4 or by clicking the X symbol in the right top of the program.

Configure the Web Management Service to start automatically

Next, configure the Web Management Service for automatic start. Type the following command on the console of your Server Core installation:

sc config WMSVC start= auto

 

Start the Web Management Service

All we need to do now, is start the Web Management Service:

net start WMSVC

 

Concluding

Microsoft has gone to great lengths to make the Web Server as secure as possible. When you remotely manage Server Core-based Web Servers, however, you will hit some bumps on the way. This blogpost explains how to pass them

Tip! Get-DisplayResolution and Set-DisplayResolution also work on Full installations of Windows Server 2012

Computer ScreenA quick look at the Windows PowerShell support for Windows Server 2012 page on TechNet reveals two PowerShell Cmdlet gems for Server Core installations:

These two PowerShell Cmdlets fill a huge gap many Server Core administrators faced in the Windows Server 2008 and Windows Server 2008 R2 timeframes. With these two cmdlets, it’s easy to change the display resolution (or screen resolution) on Server Core installations.

Although the page on TechNet suggests otherwise, these two PowerShell Cmdlets are not just limited to Server Core installations of Windows Server 2012: They also work on Full Installations of Windows Server 2012.

This presents an interesting opportunity, because one of Windows Server 2012’s system requirements is a 1024 x 768 display. Yet, with Set-DisplayResolution I can configure a 800×600 display resolution. Despite what you might expext, when configured with a 800×600, Windows Server 2012 will still display the Start Screen…

 

I use Set-DisplayResolution a lot for demos. One of my laptops has a 1366×768 display and virtual machines running within Hyper-V, aren’t able to show their entire screen. Changing the display resolution with Set-DisplayResolution on my virtualized Windows Server 2012 installations, makes their screens sit neatly above the Task Bar.

Thanks, Microsoft!

How to disable the Windows Firewall on Server Core installations of Windows Server 2012 and Hyper-V Server 2012

FirewallFrom the first Server Core installations of Windows Server 2008 to my latest installation of Hyper-V Server 2012, I have struggled with the Windows Firewall. It is turned on by default after installation and this is a good thing. However, when you’re testing remotely managing Server Core installations of Windows Server 2012 and Hyper-V Server 2012, the Windows Firewall gets in the way fast.

As it turns out, the Windows Firewall can be turned off quite easily. Two methods exist:

  1. Disable the Windows Firewall from the command line
  2. Disable the Windows Firewall through Group Policy

Disabling from the command line

If you want to disable the Windows Firewall from the command line for a single server, PowerShell is the fastest and most reliable method. The following PowerShell one-liner will disable the Windows Firewall for all Firewall profiles:

Get-NetFirewallProfile | Set-NetFirewallProfile -enabled false

 

Disabling through Group Policy

Group Policy can be used to change settings on thousands of computers at once. To disable the Windows Firewall through Group Policy, follow these instructions:

  • Log on to a Domain Controller, or a management station that has the Group Policy Management Console (GPMC) installed with sufficient permissions to create and link Group Policy objects. (GPOs)
  • Start the Group Policy Management Console (GPMC)
  • Select an appropriate level where you want to apply the Group Policy Object (GPO), for instance the domain-level or an Organizational Unit (OU) and right-click it. Select Create a GPO in this domain, and Link it here… from the context menu. Give it a meaningful name and press OK when done.
  • Now select the newly created Group Policy Object (GPO) and right-click it. Select Edit… from the context menu. This will open the Group Policy Management Editor.
  • Open Computer Configuration, Policies, Windows Settings, Security Settings, Windows Firewall with advanced security. Here, open Windows Firewall with advanced security. In the right-hand pane, click on the hyperlink Windows Firewall Properties.  
  • Here, the tabs represent the Firewall profiles: domain, private and public. You can select the Firewall state for each of these profiles.
  • When done, click OK. Then, close the Group Policy Management Editor.

After the default background refresh has occurred, the firewall will be disabled on all computers in the scope of the Group Policy Object (GPO). If you don’t want to wait that long, you can run gpupdate on the computers you want to, or (when you’re using the Group Policy Management Console on Windows 8 or Windows Server 2012) you can right-click on the level where you applied the Group Policy Object (GPO) and select Group Policy Update… from the context-menu.

KnowledgeBase: Errors connecting to Windows Server 2008 R2 or Windows Server 2012 Device Manager remotely

Last week, Microsoft has released a KnowledgeBase article titled Errors connecting to Windows Server 2008 R2 or Windows Server 2012 Device Manager remotely.

In this article, Microsoft tells us the reason why we can’t connect remotely to:

  • Windows Server 2012 Device Manager from a Windows 8-based computer
  • Windows Server 2012 Device Manager from a Windows 7-based computer
  • Windows Server 2008 R2 Device Manager from a Windows 8-based computer
  • Windows 8 Device Manager from a Windows 7-based computer

The reason behind this, is the fact that Remote access to the Plug and Play (PNP) RPC interface has been removed in Windows 8 and Windows Server 2012.

As a resolution, Microsoft suggests to login to the computer locally to utilize Device Manager.

While this sounds like some sort of workaround for Full Installations, on Server Core installations of Windows Server 2012, this won’t be possible, since devmgmt.msc is not a recognized command.

The work-around for Server Core installations is to install the Windows Server Management Infrastructure role. Use the following command line to perform this action:

Install-WindowsFeature Server-Gui-Mgmt-Infra –Restart

    

Related KnowledgeBase articles

2781106 Errors connecting to Windows Server 2008 R2 or Windows Server 2012 Device Manager remotely

Switching between the four GUI layers in Windows Server 2012 with PowerShell one-liners

cake-iconHalf a year ago, I’ve shown you how to switch the Graphical User Interface (GUI) in Windows Server 2012. This information allowed you to convert a Full Installation to a Server Core installation or the Minimal Shell (“MinShell”), then known as ‘Features on Demand’.

In the release of Windows Server 2012, Microsoft has made it super easy to switch the GUI with PowerShell. This was achieved by making the Server Features that compose the Graphical User Interface (GUI) interdependent, effectively layering them like a cake.

The four layers of GUI

The four layers that now have been created compose the following GUI modes:

  • Server Core
    In Server Core, basically, none of the GUI Server Features have been enabled / all of the GUI Server Features have been disabled.
      
  • Minimal Shell (“MinShell”)
    In the Minimal Shell, previously known as ‘Features on Demand’, the ‘Graphical Management Tools and Infrastructure’ feature has been enabled. This feature has no dependencies on the other GUI Features.
      
  • Full Installation
    In a Full Installation, both the ‘Graphical Management Tools and Infrastructure’ and ‘Server Graphical Shell’ feature has been enabled. The latter feature has a dependency on the first feature; If you install the ‘Server Graphical Shell’ feature when in Server Core, the ‘Graphical Management Tools and Infrastructure’ will automatically be added.
      
  • Full Installation with Desktop Experience
    If you enable the ‘Desktop Experience’ feature when in a Full Installation, you add the Windows RunTime, the Windows Store and thus the ability to buy, download and run Apps in the Start Screen. Note, however, that there is no automatic dependency resolution for the Desktop Experience feature. This feature can only be enabled when already in a Full Installation.

Switching

Now that we have knowledge of the layers, we can convert Full installations of Windows Server 2012 and MinShell installations of Windows Server 2012 to Server Core with just one line of PowerShell:

Uninstall-WindowsFeature Server-Gui-Mgmt-Infra -Restart

 

To convert a Full installation of Windows Server 2012 to MinShell, run the following PowerShell command:

Uninstall-WindowsFeature Server-Gui-Shell –Restart

 

To go from Server Core to MinShell, all you need to do is install the Graphical Management Tools and Infrastructure:

Install-WindowsFeature Server-Gui-Mgmt-Infra -Restart

  

To go from a Server Core installation of Windows Server 2012 or a MinShell installation of Windows Server 2012 to a Full Installation, simply add the Server Graphical Shell with the following command:

Install-WindowsFeature Server-Gui-Shell –Restart

    

Concluding

Switching between Full Installations, MinShell Installations and Server Core Installations on Windows Server 2012 is simple when you know how.

Use these simple one-liners to switch to your hearts content.

Further reading

Windows Server 2012 Installation Options

Switching between GUI modes in Windows Server 8

This post covers a pre-release product and was written in February 2012. The actual product may not reflect the behavior, specifications or intentions found in this post. Use with caution.

ConfigureA couple of months ago, I wrote about the new Server Core and Features on Demand options in Windows Server 8. Today I’ll show you how to switch between the Server Core mode and the Full Installation.

The way you’d use the commands below is to test and deploy your Windows Servers. Remember “Server Core is the preferred deployment configuration.”, but not all software and agents (anti-malware, management, UPS, backup, monitoring, etc.) are ready for a Windows installation with minimal Graphical User Interface (GUI). Starting with Windows Server 8, you can switch from a Full Installation to a Server Core installation after installation. Also, you can switch back in case you forgot to adjust a setting that is only available in the Full GUI.

PowerShell, of course…

It should come as no surprise the commands to switch between Server Core, Features on Demand and Full Installation are available as PowerShell cmdlets. PowerShell has been a Common Engineering Criteria since 2009 and all products and technologies should be used with PowerShell. A positive side effect of having PowerShell commands is you can run these commands with a remote code block on any or all Windows Servers in your Server farm.

The cmdlets are part of the DISM PowerShell Module, so every time you’d like to switch between GUI modes, you need to import the module for the cmdlets to be available.

More a traditionalist?

You can also use the more traditional Deployment Image Servicing and Management tool, known within Windows as dism.exe.

One of the things you should be aware of, is that when you use dism.exe you will need to watch the case of your commands.

  

Switching

 
mobsyncBasically, Microsoft has made both the minimalistic GUI and the Full GUI features in Windows Server 8. This means, the commands for switching between the three GUI modes are similar to adding a Server Role or Server Feature on Windows Server 2008 and Windows Server 2008 R2.

From a Full Installation to Server Core

To switch from a Full Installation to the Features on Demand installation option, choose between the following commands:

     Import-Module Dism
     
      Disable-Feature –online –Featurename ServerCore-FullServer

or

    Dism /online /disable-feature /featurename:ServerCore-FullServer

Afterwards, reboot.

From Server Core to a Full Installation

To switch from a Server Core installation to a Full Installation, requires a bit more work, but is more or less identical:

     Import-Module Dism
    
     Enable-Feature –online -Featurename ServerCore-FullServer,
     Server-Gui-Shell,Server-Gui-Mgmt

or

     Dism /online /enable-feature /featurename:ServerCore-FullServer
    
/featurename:Server-Gui-Shell /featurename:Server-Gui-Mgmt

Afterwards, reboot.

Server Core and Features on Demand in Windows Server 8

This post covers a pre-release product and was written in September 2011. The actual product may not reflect the behavior, specifications or intentions found in this post. Use with caution.

Microsoft showed off Windows Server 8 at the second day of the //Build/ conference last week. In the session named SAC-416T, Andrew Mason (Principal Group Program Manager for Server Core) and Jeffrey Snover (Distinguished Engineer and Lead Architect of Windows Server) introduced the plans with user interface options in Windows 8.

A little bit of recent history…

Whereas Windows Server 2008 and Windows Server 2008 R2 offer the Server Core installation option, to minimize the burden of Graphical User Interfaces (GUIs), according to Microsoft, this was an ideal situation.

Windows Server 2008

As you might remember, Server Core was introduced as an installation option for Windows Server in Windows Server 2008. As a systems administrator you could choose this option at installation and you needed to stick with your choice. This choice meant you had trouble installing applications (like UPS management, backup and antivirus tools) and management was spotty without PowerShell. Also, one of the places where security mattered most could not be addressed within Server Core: Servers running dynamic (ASP.Net based) websites.

Windows Server 2008 R2

With the release Microsoft improved the Server Core installation option significantly. Now you could make most ASP.Net-based websites work on server Core, roughly 230 PowerShell cmdlets were introduced and most producers of management, UPS and antivirus products had awoken to the idea of Windows Server without Windows.

Windows Server 8

With Windows Server 8, Microsoft ups the game. Windows PowerShell now boosts a tenfold more cmdlets. An installation option was deemed insufficient, so the option to switch between the Server Core and Full installation gets introduced. Furthermore, Microsoft will introduce a new flavor between the Server Core installation and the Full installation. This is called the ‘Features on Demand’ option.

These three flavors can already be found when installing the Windows Server 8 Developer Preview (build 8102):

image

This screen during the Windows server setup now loses a lot of importance, since you can switch between the three flavors after the Operating System is installed.

Differences between the three interface options

The differences between these three flavors is described in the following table:

Server Core Installation

Features on Demand

Full Installation

Windows Core

o

o

o

Windows PowerShell

o

o

o

.Net Framework 4

o

o

o

Server Manager

o

o

Microsoft Management Consoles

o

o

A subset of Control Panel Applets

o

All Control Panel Applets

o

Windows Help

o

Windows Explorer

o

Internet Explorer

o

Guidance

Andrew and Jeffrey delivered the message ‘Server Core is the preferred deployment configuration’ strongly. This single sentence even received it’s own PowerPoint slide to illustrate the point. A Server Core installation requires the least amount of resources, time and patches of all Windows Server installation options.

But no longer, will you need to deploy your server as a Server Core installation. From Windows Server 8, you will be able to install Windows Server either as a Full Installation or Features on Demand Installation and when done trim down the Windows Server installation to a Server Core installation, where possible.

If all your agents and applications support Server Core and you don’t need any of the MMCs or Control Panel Applets, or you can reproduce your advanced settings through the registry, APIs, Remotely or through WS-Management, you can install Server Core from the start, offering you a superb deployment experience with the least amount of deployment traffic.

Concluding

Microsoft unfolded a strategic view on the interface options in Windows Server 8. You can now choose between a Server Core installation, a Features on Demand Installation and a Full Installation, each offering more Graphical User Interface elements.

No longer do you need to make this choice at the installation of the Windows Server Operating System. You can switch between the three interface options after installation, offering huge flexibility and security in the long run.

Further reading

Windows Server 8 apps must run without a GUI – learn more now

Microsoft Unveils Windows Server 8
Windows Server 8 will bring us this!
10 best new features of Windows Server 8
Windows Server 8: Now with added VMware and Unix
Windows Server 8 should be full of surprises
Microsoft provides more details about Windows Server 8

Fun with FSMO roles and Functional Levels on Server Core Domain Controllers

Sometimes, in an environment with all Server Core Domain Controllers, it is hard to migrate your Active Directory Domain Controllers from Server Core installations of Windows Server 2008 to Server Core installations of Windows Server 2008 R2.

Steps

The steps to migrate Server Core Domain Controllers on Windows Server 2008 to Windows Server 2008 R2 through Transitioning, are:

  1. Perform a system state back-up of the Windows Server 2008 Server Core Domain Controllers
  2. Run adprep.exe or adprep32.exe from the Windows Server 2008 R2 installation media (depending on the processor architecture of the Windows Server 2008 Server Core Domain Controllers, ie. x86 or x64)
  3. Install Windows Server 2008 R2 Server Core on servers and promote them to Domain Controllers for your existing domain, using dcpromo.exe 
  4. Check the dcpromo.log and dcpromoui.log files and the event viewer to search for possible problems
  5. Take care of FSMO roles and Global Catalog placement
  6. Demote your Windows Server 2008 Server Core Domain Controllers
  7. Raise the Domain Functional Level and  Forest Functional Level

For more information on these steps, read this blog post.

While many steps in the process can be performed, like one would on Full installations of these Operating Systems, other steps may be performed using the Remote Server Administration Tools (RSAT). Two steps, in particular, though, proves to be cumbersome when performing through the Remote Server Administration Tools. It turns out, these steps are actually fun to perform on the PowerShell of your Server Core Domain Controllers. These steps would be step 5 and step 7.

    

Manage FSMO roles

On a Windows Server 2008 R2 Server Core Domain Controller to transfer a Flexible Single Master Operations Role, perform one of these PowerShell one-liners:

Tip!
Don’t forget to run Import-Module Active Directory before running any of the below commands…

  • For the Schema Master FSMO role:

    Move-ADDirectoryServerOperationMasterRole -Identity FullyQualifiedDomainNameOfTheDC -OperationMasterRole SchemaMaster 

        

  • For the Domain Naming Master FSMO role:

    Move-ADDirectoryServerOperationMasterRole -Identity FullyQualifiedDomainNameOfTheDC -OperationMasterRole DomainNamingMaster 

        

  • For the Primary Domain Controller (PDC) emulator FSMO role:

    Move-ADDirectoryServerOperationMasterRole -Identity FullyQualifiedDomainNameOfTheDC -OperationMasterRole PDCEmulator 

        

  • For the RID Pool Master FSMO role:

    Move-ADDirectoryServerOperationMasterRole -Identity FullyQualifiedDomainNameOfTheDC -OperationMasterRole RIDMaster 

        

  • For the Infrastructure Master FSMO role:

    Move-ADDirectoryServerOperationMasterRole -Identity FullyQualifiedDomainNameOfTheDC -OperationMasterRole InfrasturctureMaster 

        

    To transfer all FSMO roles, obviously perform all five one-liners.

    Manage Functional Levels

    In Windows Server 2008 R2, with the new Active Directory PowerShell cmdlets, two new exiting Active Directory PowerShell command emerged:

    1. Set-ADDomainMode
    2. Set-ADForestMode

    These two commands can be used to raise the Domain Functional Level and the Forest Functional Level, respectively. Not only are they able to raise the level, they are also able to return to roll back the functional level raise. (unless one of the Optional Features has been enabled)

    To raise the Domain Functional Level to Windows Server 2008 R2, run the following command, after all the Domain Controllers in your domain run Windows Server 2008 R2:

    Set-ADDomainMode –identity domain.tld –DomainMode Windows2008R2Domain

     

    To raise the Forest Functional Level to Windows Server 2008 R2, run the following command, after all the domains in the forest have been raised to Windows Server 2008 R2:

    Set-ADForestMode –identity domain.tld –ForestMode Windows2008RForest

  • Scanning for Best Practices in Hyper-V Server 2008 R2

    Hyper-V Server 2008 R2 is a server core installation of Windows Server 2008 R2, with the Hyper-V role installed by default and installation packages for a lot of infrastructure Server roles and features removed. For a complete listing, look here.

    I, therefore, refer to it as the Hyper-V optimized edition of Windows Server 2008 R2. Also, I refer to Server Core installations as optimized installations of Windows Server. But, one of the great hurdles for systems administrators to start deploying and working with Server Core installations of Windows Server is the lack of most of the graphical tools. This, in my opinion leads to two common statements:

    • Server Core is only good for command line aficionados
    • You’ll need to know what you’re doing, since Server Core lacks helpful features.

    While both statements might be true in some cases, I find the last statement a bit harsh. Server Core has many built-in features to help you not to destroy your system. Using diskpart.exe, for instance, you can’t format your system drive (which is where Windows resides). Another helpful feature is the Best Practices Analyzer (BPA). It is available in Server Core editions and yes, it’s available in Hyper-V Server 2008 R2.

    This post is on scanning for best practices in Hyper-V Server 2008 R2 and view the results.

    About Best Practices Analyzers

    Best Practices Analyzers help to avoid common configuration errors, help to avoid situations of crashes and loss of data and help recovering when accidents do happen. Best Practices Analyzers , or BPAs as TLA-addicts like to call them, are not new to Microsoft products. Not even close, since the first Best Practices Analyzer, the Microsoft Exchange Server Best Practices Analyzer (ExBPA), was released in 2004… With Windows Server 2008 R2, however, they are an integral part of the Operating System and being updated through Windows Update. More information on the Best Practices Analyzers is available here.

       

    Scanning from a remote system

    One of the two ways to scan for Best Practices for Hyper-V Server 2008 R2 is to use Server Manager from a remote system.

    Requirements

    To allow remote management, the following requirements need to be met:

    • The remote system needs to either be a Full installation of Windows Server 2008 R2 or a Windows 7 installation with the Remote Server Administration Tools (RSAT) installed.
    • Both the Hyper-V Server 2008 R2 box and the remote system need to be joined to the same Active Directory domain. (workaround here under Logon Considerations) Any supported Active Directory functional level

    Steps

    The first thing you need to do on your Hyper-V Server 2008 R2 box is to enable remote management. The Server Configuration Tool (Sconfig, replacing HVconfig from Hyper-V Server 2008) is the perfect tool to configure this. Type the following command to start the Server Configuration Tool:

    sconfig

    In the Server Configuration Tool, enable remote management by choosing menu option 4. Afterwards type 1, followed by Enter, to enable remote MMC management, type 2, followed by Enter to enable Windows PowerShell and type 3, followed by Enter, to enable Server Manager Remote Management. Afterwards, restart your Hyper-V Server 2008 R2.

    Remote management from Windows Server 2008 R2

    From a Full installation of Windows Server 2008 R2, simply fire up Server Manager (if it doesn’t start automatically after logon) and point it to your Hyper-V Server box. Point it to the name or IP address of your Hyper-V Server box, by clicking on the Server Manager node in the navigation (left) pane. Then, click the Hyper-V Server Role in the left navigation pane of Server Manager. In the Summary screen (in the main pane) you can scroll down to the Best Practices Analyzer section. Here you can:

    • Start Best Practices Analyzer Scans using Scan This Role
    • Review Best Practices Analyzer results
    • Include and/or exclude specific Best Practices Analyzer results

      

    Remote management from Windows 7 with RSAT

    Remotely managing Hyper-V Server 2008 R2 from Windows 7 requires some more steps to configure (but less money to purchase!):

    • Download the Remote Server Administration Tools (RSAT).
    • Install the freshly downloaded Standalone Update Package for RSAT.
    • Enable the Server Manager Remote Management feature through Turn Windows Features on and off (either from the Control Panel or the search bar in the Start Menu)
    • Show the Administrative Tools folder on the Start Menu by right-clicking on an empty area of the Windows 7 taskbar (Superbar) and select Properties from the context menu. Then click the Start Menu tab. Afterwards, click the Customize button. Scroll down to System administrative tools and adjust the display settings to suit your need. You can place the folder in the All Programs menu, on the All Programs menu and the Start menu or not at all (which is the default). Click OK on the dialog boxes to close them.
    • Now start Server Manager either from the Administrative Tools folder or from the Search bar in the Start Menu.
    • Point Server Manager to the name or IP address of your Hyper-V Server box, by clicking on the Server Manager node in the navigation (left) pane.
    • Then, click the Hyper-V Server Role in the left navigation pane of Server Manager. In the Summary screen (in the main pane) you can scroll down to the Best Practices Analyzer section.

      

    Scanning from the command line

    As seen above, remotely scanning for Best Practices on a Hyper-V Server 2008 R2 box may put some requirements in your way, like upgrading at least another server to Windows Server 2008 R2 or migrating a workstation to Windows 7. When you’re not quite ready for these steps, or you want the flexibility to scan for Best Practices periodically (by scripting it) you might also opt to scan for Best Practices from the command line.

    To be able to perform Best Practices Scans straight from the console of the Hyper-V Server 2008 R2 box, you first have to enable PowerShell and the Server Manager and Best Practices PowerShell commandlets. To do so, type the following commands:

    dism /online /enable-feature /featurename:MicrosoftWindowsPowerShell
    dism /online /enable-feature /featurename:ServerManager-PSH-Cmdlets
    dism /online /enable-feature /featurename:BestPractices-PSH-Cmdlets

    You’re now able to perform Best Practices scans. To do so, run the following commands:

    powershell.exe
    Import-Module ServerManager
    Import-Module BestPractices
    Invoke-BPAModel –BestPracticesModelID Microsoft/Windows/Hyper-V

    Finish off with an export of the Best Practice Results.
    My choice is to export to HTML and get the file off the host afterwards, where it can be read on any Operating System. I use the following (one) command for that:

    Get-BpaResult -BestPracticesModelId Microsoft/Windows/Hyper-V | Where-Object {$_.Severity -eq "Error" -or $_.Severity -eq “Warning” } | ConvertTo-Html -Property Severity,Category,Title,Problem,Impact,Resolution,Help -Title "BPA Report for Hyper-V" -Body "BPA Report for Hyper-V <HR>" –Head "<title>BPA Report</title><style type=’text/css’> table  { border-collapse: collapse; width: 700px } body   { font-family: Arial } td, th { border-width: 2px; border-style: solid; text-align: left; padding: 2px 4px; border-color: black } th     { background-color: grey } td.Red { color: Red } </style>"  | Out-File "C:bpa.html"

       

    Concluding

    Hyper-V Server 2008 R2 offers Best Practice Scanning capabilities. Depending on your situation you can either scan from a remote system or straight from the console of the Hyper-V Server 2008 R2 box.

    The Best Practice Analyzer scans and their results, might help you in avoiding disasters or getting out of a disaster faster.

    Further reading

    Best Practices Analyzer
    Hyper-V Best Practices Analyzer PowerShell Automation
    Updates for Best Practices Analyzer
    Best Practices Analyzer Updates for Server 2008 R2
    Microsoft releases a Best Practices Analyzer for Hyper-V
    Best Practices Analyzer for Hyper-V – First Impressions
    Best Practices Analyzer: Run it on your server roles, not your loved ones
    PRC08: Best Practices for Deployments and Upgrades – Takeaways
    Best Practice Analyzers for Windows Servers / Exchange
    Best Practice Analyzer for Hyper-V – What does it check?