PowerShell

Available Windows PowerShell Cmdlets in NanoServerImageGenerator.psm1 in Windows Server 2016 Technical Preview 4

I’ve been playing around with Nano Server these couple of days and have been extensively using the NanoServerImageGenerator Windows PowerShell Module that shipped with the Installation Media for Windows Server 2016 Technical Preview 4 as the file NanoServerImageGenerator .psm1 file in the NanoServer folder.

You might be wondering which Windows PowerShell Cmdlets are available through this Windows PowerShell Module, so here is the list:

  1. Edit-NanoServerImage
  2. Get-NanoServerPackages
  3. New-NanoServerImage

 

Edit-NanoServerImage

The Edit-NanoServerImage Windows PowerShell Cmdlet can be used to modify a base Nano Server installation image adding packages, drivers  and configuring operating system options.

This cmdlet expects that you ran New-NanoServerImage in advance.
It operates on the image produced by New-NanoServerImage as requested.

Possible operations are: Add packages, add drivers, set computer name, set administrator password, join a domain, enable debug, enable EMS and set static IP address.

 

Get-NanoServerPackages

The Get-NanoServerPackages Windows PowerShell Cmdlet can be used to retrieve the list of available packages from the Windows Server 2016 Technical Preview 4 installation media.

This cmdlet scans the given media and returns a list of packages available to be embedded into the Nano Server image.

 

New-NanoServerImage

The New-NanoServerImage Windows PowerShell Cmdlet can be used to create a base Nano Server installation image.

This cmdlet makes a local copy of the necessary files from the installation media and converts the included WIM Nano Server image into a VHD(X) image. It then makes a copy of the converted VHD(X) image into a user-supplied path. After that, the following operations can be applied:

  • Add packages
  • Add drivers
  • Set computer name
  • Set administrator password
  • Join a domain
  • Enable debug
  • Enable EMS
  • Set static IP address

 

My Server Core April Fools’ Day Prank

We are rapidly closing in on April 1st and, as a Server Core afficianado, I can’t resist playing a practical joke on my colleagues managing our Server Core installations. Inspired by the Scripting Guy blogpost yesterday, I’ll disable all network adapters using the following PowerShell Oneliner:

Get-NetAdapter | Disable-NetAdapter -Confirm:$false

I’ll be running these commands via remote block execution pointing to a couple of Server Core installations offering non-vital and redundant services.  Since we have monitoring, it’ll be interesting to see in what manner and timeframe my colleagues will be able to solve the riddle of their servers falling off the network. Luckily, it’s been a while since anything happened to these hosts, but that is to be expected when you go Server Core.

Some Active Directory Domain Controllers, that second DHCP server, perhaps that second issuing Certification Authority, but certainly the Windows Server Update Services (WSUS) Server will see some action in one week’s time. *evilgrin*

Meet the new Server Core Program Manager!

When I took my first steps with Server Core installations, I met the Principal Program Manager for Server Core within Microsoft at its TechEd event: Andrew Mason.

Andrew is responsible for all the work done in the Server Core area, wrote at the Server Core blog, supplied answers on the TechNet Forums, and presented several times on the benefits of using Server Core installations compared to Full installations. Andrew is also responsible for making Server Core the default installation option in Windows Server 2012.

A while ago, I noticed Andrew wasn’t with Microsoft anymore.

After some investigation, I found out Andrew is now working with Amazon, apparently following the path laid out by Steve Riley and Jesper Johansson. Of course, I wish him the best of luck!

It also leaves the question on who’s the Program Manager for Server Core today unanswered…

Well. That question didn’t last long unanswered, since I met the Program Manager for Server Core last month, during a special MVP party at the balcony of the Palacio de Cibiles in Madrid during TechEd Europe 2013.

Benjamin Herila

Benjamin Herila

Not only is Benjamin currently leading the team improving on Server Core functionality in Windows Server. He also is the guy that wrote the Get-DisplayResolution and Set-DisplayResolution PowerShell Cmdlets and the underlying setres.exe executable. These bits allows us to easily change the display resolution on the command line in both Server Core and Full installations of Windows Server 2012 and beyond.

So why is this important?

If you want to keep up to date with Server Core (or any featureset of a Microsoft product), it’s good to have the name of the Program Manager, since this is the person responsible for most of the communication around the featureset and most of the presentations at both internal and external Microsoft events.

For instance, one of Benjamin’s presentations is already available online through Channel 9. Also, the last five posts on the Server Core blog have been written by Benjamin.

So, when you attend a Microsoft event and are looking for Server Core presentations, pick Benjamin Herila from the speaker list and go see his presentation(s)!

On the TechNet Forums, Benjamin has already supplied answers on several questions, related to the work his team does. It’s not just Server Core, but also Windows Server Update Services (WSUS). If you see an answer from Benjamin, you’ll know it’s the definitive answer.

Cheers, Benjamin! Martini glass

KnowledgeBase: Server Core Web Servers are not manageable remotely by default

Pre-Web-iconIn Windows Server 2012 and Windows 8, Server Manager can be used to remotely manage both Full Installations and Server Core Installations of Windows Server 2012.

Tip!
To gain access to the Server Manager functionality in Windows 8, install the Remote Server Administration Tools package. Next, you can use the Start Screen to search for the Administrative Tools folder. You will find a shortcut to Server Manager in this folder.

 

One of its features is the ability to install and uninstall Server Roles and Features remotely. This is extremely helpful in scenarios where you’d want to install multiple servers with the same Server Role at once (like the Web Server Role), but also when you’re managing Server Core installations, since Server Manager provides a graphical user interface (GUI) to make you easily achieve a lot of your configuration tasks.

 

The challenge

Many of the Server Roles available in Server Core can be installed and configured remotely. I know many admins like to use Server Manager and the Remote Server Administration Tools to manage their Server Core installations that way. Therefore, I find it a shame, that the Web Server Role cannot be installed to a basic configured state using the above method. Sad smile 

The Web Server Server Role can be installed on its own, but it is also installed when you install one of the next Server Roles in Windows Server 2012:

  1. FTP Server
  2. DirectAccess Server
  3. IP Routing
  4. Windows Server Update Services

When you try to connect with the Internet Information Services (IIS) Manager from a remote Windows Server 2012 installation, after you install the Web Server Role or any of the Server Roles above, you will be presented with an error message:

IISMgrUnableToConnect

The explanation

The root of the problem is, by default, when you install the Web Server Server Role on Server Core, the Web Management Service Role Service is not installed by default.

Security, Part 1

The reason Microsoft does not install the Web Management Service is this would mean a setback from a security perspective to the Windows 2000 Server days (where Internet Information Services were installed and enabled by default on each install). To be frank, not all Web Servers need a remote web management service, listening on management requests. Indeed, with access to the console, the many Internet Information Services-related PowerShell Cmdlets and, of course, the Web Platform Installer, remote management isn’t always needed.

 

To make things worse, even if you pay attention during the installation of the above Server Roles, you still wouldn’t be able to manage Web Servers remotely with the Internet Information Services (IIS) Manager, since the Web Management Service is not configured or started, by default.

Security, Part 2

Although the Web Management relies on authentication to be accessible and the communication between the Internet Information Services (IIS) Manager is encrypted (optionally), opening a management service listening on a TCP port is a bad idea for publicly connected machines. Therefore, the Web Management Service, by default, is not configured for remote management and its service is not running after installation.

 

This configuration can be done … wait for it… through the registry. Confused smile

You can perform these changes through Group Policy Preferences (for domain-joined Web Servers, FTP Servers, WSUS Servers, DirectAccess Servers and IP routers. Alternatively, you can use Remote Registry access or script the change with *.reg files through PSExec. Regedit.exe, however, is available on the command line of Server Core installation, so you can make this change on the console itself.

Of course, after a change, the Web Management Service (WMSVC) needs to be configured to start automatically and, then, started.

 

The solution

So, to manage a Web Server remotely, you will need to perform the following actions:

  1. Install the Web Management Service Role
  2. Configure the Web Management Service
  3. Configure the Web Management Service to start automatically
  4. Start the Web Management Service

Install the Web Management Service Role

Install the Web Management Service Role on your Server Core installation by either installing it through Server Manager on a Full Installation of Windows Server 2012.

To install the Web Management Service from the console of your Server Core installation, run the following PowerShell command:

Install-WindowsFeature Web-Mgmt-Service

 

Configure the Web Management Service

The Web Management Service can be configured through the Registry. Its settings are located in HKLMSoftwareMicrosoftWebManagementServer.

Simply start the Registry Editor on the console of your Server Core installation by typing regedit.exe, and change he value for EnableRemoteManagement from 0 to 1. Close RegEdit with Alt+F4 or by clicking the X symbol in the right top of the program.

Configure the Web Management Service to start automatically

Next, configure the Web Management Service for automatic start. Type the following command on the console of your Server Core installation:

sc config WMSVC start= auto

 

Start the Web Management Service

All we need to do now, is start the Web Management Service:

net start WMSVC

 

Concluding

Microsoft has gone to great lengths to make the Web Server as secure as possible. When you remotely manage Server Core-based Web Servers, however, you will hit some bumps on the way. This blogpost explains how to pass them

Tip! Get-DisplayResolution and Set-DisplayResolution also work on Full installations of Windows Server 2012

Computer ScreenA quick look at the Windows PowerShell support for Windows Server 2012 page on TechNet reveals two PowerShell Cmdlet gems for Server Core installations:

These two PowerShell Cmdlets fill a huge gap many Server Core administrators faced in the Windows Server 2008 and Windows Server 2008 R2 timeframes. With these two cmdlets, it’s easy to change the display resolution (or screen resolution) on Server Core installations.

Although the page on TechNet suggests otherwise, these two PowerShell Cmdlets are not just limited to Server Core installations of Windows Server 2012: They also work on Full Installations of Windows Server 2012.

This presents an interesting opportunity, because one of Windows Server 2012’s system requirements is a 1024 x 768 display. Yet, with Set-DisplayResolution I can configure a 800×600 display resolution. Despite what you might expext, when configured with a 800×600, Windows Server 2012 will still display the Start Screen…

 

I use Set-DisplayResolution a lot for demos. One of my laptops has a 1366×768 display and virtual machines running within Hyper-V, aren’t able to show their entire screen. Changing the display resolution with Set-DisplayResolution on my virtualized Windows Server 2012 installations, makes their screens sit neatly above the Task Bar.

Thanks, Microsoft!

How to disable the Windows Firewall on Server Core installations of Windows Server 2012 and Hyper-V Server 2012

FirewallFrom the first Server Core installations of Windows Server 2008 to my latest installation of Hyper-V Server 2012, I have struggled with the Windows Firewall. It is turned on by default after installation and this is a good thing. However, when you’re testing remotely managing Server Core installations of Windows Server 2012 and Hyper-V Server 2012, the Windows Firewall gets in the way fast.

As it turns out, the Windows Firewall can be turned off quite easily. Two methods exist:

  1. Disable the Windows Firewall from the command line
  2. Disable the Windows Firewall through Group Policy

Disabling from the command line

If you want to disable the Windows Firewall from the command line for a single server, PowerShell is the fastest and most reliable method. The following PowerShell one-liner will disable the Windows Firewall for all Firewall profiles:

Get-NetFirewallProfile | Set-NetFirewallProfile -enabled false

 

Disabling through Group Policy

Group Policy can be used to change settings on thousands of computers at once. To disable the Windows Firewall through Group Policy, follow these instructions:

  • Log on to a Domain Controller, or a management station that has the Group Policy Management Console (GPMC) installed with sufficient permissions to create and link Group Policy objects. (GPOs)
  • Start the Group Policy Management Console (GPMC)
  • Select an appropriate level where you want to apply the Group Policy Object (GPO), for instance the domain-level or an Organizational Unit (OU) and right-click it. Select Create a GPO in this domain, and Link it here… from the context menu. Give it a meaningful name and press OK when done.
  • Now select the newly created Group Policy Object (GPO) and right-click it. Select Edit… from the context menu. This will open the Group Policy Management Editor.
  • Open Computer Configuration, Policies, Windows Settings, Security Settings, Windows Firewall with advanced security. Here, open Windows Firewall with advanced security. In the right-hand pane, click on the hyperlink Windows Firewall Properties.  
  • Here, the tabs represent the Firewall profiles: domain, private and public. You can select the Firewall state for each of these profiles.
  • When done, click OK. Then, close the Group Policy Management Editor.

After the default background refresh has occurred, the firewall will be disabled on all computers in the scope of the Group Policy Object (GPO). If you don’t want to wait that long, you can run gpupdate on the computers you want to, or (when you’re using the Group Policy Management Console on Windows 8 or Windows Server 2012) you can right-click on the level where you applied the Group Policy Object (GPO) and select Group Policy Update… from the context-menu.

KnowledgeBase: Errors connecting to Windows Server 2008 R2 or Windows Server 2012 Device Manager remotely

Last week, Microsoft has released a KnowledgeBase article titled Errors connecting to Windows Server 2008 R2 or Windows Server 2012 Device Manager remotely.

In this article, Microsoft tells us the reason why we can’t connect remotely to:

  • Windows Server 2012 Device Manager from a Windows 8-based computer
  • Windows Server 2012 Device Manager from a Windows 7-based computer
  • Windows Server 2008 R2 Device Manager from a Windows 8-based computer
  • Windows 8 Device Manager from a Windows 7-based computer

The reason behind this, is the fact that Remote access to the Plug and Play (PNP) RPC interface has been removed in Windows 8 and Windows Server 2012.

As a resolution, Microsoft suggests to login to the computer locally to utilize Device Manager.

While this sounds like some sort of workaround for Full Installations, on Server Core installations of Windows Server 2012, this won’t be possible, since devmgmt.msc is not a recognized command.

The work-around for Server Core installations is to install the Windows Server Management Infrastructure role. Use the following command line to perform this action:

Install-WindowsFeature Server-Gui-Mgmt-Infra –Restart

    

Related KnowledgeBase articles

2781106 Errors connecting to Windows Server 2008 R2 or Windows Server 2012 Device Manager remotely

Switching between the four GUI layers in Windows Server 2012 with PowerShell one-liners

cake-iconHalf a year ago, I’ve shown you how to switch the Graphical User Interface (GUI) in Windows Server 2012. This information allowed you to convert a Full Installation to a Server Core installation or the Minimal Shell (“MinShell”), then known as ‘Features on Demand’.

In the release of Windows Server 2012, Microsoft has made it super easy to switch the GUI with PowerShell. This was achieved by making the Server Features that compose the Graphical User Interface (GUI) interdependent, effectively layering them like a cake.

The four layers of GUI

The four layers that now have been created compose the following GUI modes:

  • Server Core
    In Server Core, basically, none of the GUI Server Features have been enabled / all of the GUI Server Features have been disabled.
      
  • Minimal Shell (“MinShell”)
    In the Minimal Shell, previously known as ‘Features on Demand’, the ‘Graphical Management Tools and Infrastructure’ feature has been enabled. This feature has no dependencies on the other GUI Features.
      
  • Full Installation
    In a Full Installation, both the ‘Graphical Management Tools and Infrastructure’ and ‘Server Graphical Shell’ feature has been enabled. The latter feature has a dependency on the first feature; If you install the ‘Server Graphical Shell’ feature when in Server Core, the ‘Graphical Management Tools and Infrastructure’ will automatically be added.
      
  • Full Installation with Desktop Experience
    If you enable the ‘Desktop Experience’ feature when in a Full Installation, you add the Windows RunTime, the Windows Store and thus the ability to buy, download and run Apps in the Start Screen. Note, however, that there is no automatic dependency resolution for the Desktop Experience feature. This feature can only be enabled when already in a Full Installation.

Switching

Now that we have knowledge of the layers, we can convert Full installations of Windows Server 2012 and MinShell installations of Windows Server 2012 to Server Core with just one line of PowerShell:

Uninstall-WindowsFeature Server-Gui-Mgmt-Infra -Restart

 

To convert a Full installation of Windows Server 2012 to MinShell, run the following PowerShell command:

Uninstall-WindowsFeature Server-Gui-Shell –Restart

 

To go from Server Core to MinShell, all you need to do is install the Graphical Management Tools and Infrastructure:

Install-WindowsFeature Server-Gui-Mgmt-Infra -Restart

  

To go from a Server Core installation of Windows Server 2012 or a MinShell installation of Windows Server 2012 to a Full Installation, simply add the Server Graphical Shell with the following command:

Install-WindowsFeature Server-Gui-Shell –Restart

    

Concluding

Switching between Full Installations, MinShell Installations and Server Core Installations on Windows Server 2012 is simple when you know how.

Use these simple one-liners to switch to your hearts content.

Further reading

Windows Server 2012 Installation Options

Switching between GUI modes in Windows Server 8

This post covers a pre-release product and was written in February 2012. The actual product may not reflect the behavior, specifications or intentions found in this post. Use with caution.

ConfigureA couple of months ago, I wrote about the new Server Core and Features on Demand options in Windows Server 8. Today I’ll show you how to switch between the Server Core mode and the Full Installation.

The way you’d use the commands below is to test and deploy your Windows Servers. Remember “Server Core is the preferred deployment configuration.”, but not all software and agents (anti-malware, management, UPS, backup, monitoring, etc.) are ready for a Windows installation with minimal Graphical User Interface (GUI). Starting with Windows Server 8, you can switch from a Full Installation to a Server Core installation after installation. Also, you can switch back in case you forgot to adjust a setting that is only available in the Full GUI.

PowerShell, of course…

It should come as no surprise the commands to switch between Server Core, Features on Demand and Full Installation are available as PowerShell cmdlets. PowerShell has been a Common Engineering Criteria since 2009 and all products and technologies should be used with PowerShell. A positive side effect of having PowerShell commands is you can run these commands with a remote code block on any or all Windows Servers in your Server farm.

The cmdlets are part of the DISM PowerShell Module, so every time you’d like to switch between GUI modes, you need to import the module for the cmdlets to be available.

More a traditionalist?

You can also use the more traditional Deployment Image Servicing and Management tool, known within Windows as dism.exe.

One of the things you should be aware of, is that when you use dism.exe you will need to watch the case of your commands.

  

Switching

 
mobsyncBasically, Microsoft has made both the minimalistic GUI and the Full GUI features in Windows Server 8. This means, the commands for switching between the three GUI modes are similar to adding a Server Role or Server Feature on Windows Server 2008 and Windows Server 2008 R2.

From a Full Installation to Server Core

To switch from a Full Installation to the Features on Demand installation option, choose between the following commands:

     Import-Module Dism
     
      Disable-Feature –online –Featurename ServerCore-FullServer

or

    Dism /online /disable-feature /featurename:ServerCore-FullServer

Afterwards, reboot.

From Server Core to a Full Installation

To switch from a Server Core installation to a Full Installation, requires a bit more work, but is more or less identical:

     Import-Module Dism
    
     Enable-Feature –online -Featurename ServerCore-FullServer,
     Server-Gui-Shell,Server-Gui-Mgmt

or

     Dism /online /enable-feature /featurename:ServerCore-FullServer
    
/featurename:Server-Gui-Shell /featurename:Server-Gui-Mgmt

Afterwards, reboot.

Server Core and Features on Demand in Windows Server 8

This post covers a pre-release product and was written in September 2011. The actual product may not reflect the behavior, specifications or intentions found in this post. Use with caution.

Microsoft showed off Windows Server 8 at the second day of the //Build/ conference last week. In the session named SAC-416T, Andrew Mason (Principal Group Program Manager for Server Core) and Jeffrey Snover (Distinguished Engineer and Lead Architect of Windows Server) introduced the plans with user interface options in Windows 8.

A little bit of recent history…

Whereas Windows Server 2008 and Windows Server 2008 R2 offer the Server Core installation option, to minimize the burden of Graphical User Interfaces (GUIs), according to Microsoft, this was an ideal situation.

Windows Server 2008

As you might remember, Server Core was introduced as an installation option for Windows Server in Windows Server 2008. As a systems administrator you could choose this option at installation and you needed to stick with your choice. This choice meant you had trouble installing applications (like UPS management, backup and antivirus tools) and management was spotty without PowerShell. Also, one of the places where security mattered most could not be addressed within Server Core: Servers running dynamic (ASP.Net based) websites.

Windows Server 2008 R2

With the release Microsoft improved the Server Core installation option significantly. Now you could make most ASP.Net-based websites work on server Core, roughly 230 PowerShell cmdlets were introduced and most producers of management, UPS and antivirus products had awoken to the idea of Windows Server without Windows.

Windows Server 8

With Windows Server 8, Microsoft ups the game. Windows PowerShell now boosts a tenfold more cmdlets. An installation option was deemed insufficient, so the option to switch between the Server Core and Full installation gets introduced. Furthermore, Microsoft will introduce a new flavor between the Server Core installation and the Full installation. This is called the ‘Features on Demand’ option.

These three flavors can already be found when installing the Windows Server 8 Developer Preview (build 8102):

image

This screen during the Windows server setup now loses a lot of importance, since you can switch between the three flavors after the Operating System is installed.

Differences between the three interface options

The differences between these three flavors is described in the following table:

Server Core Installation

Features on Demand

Full Installation

Windows Core

o

o

o

Windows PowerShell

o

o

o

.Net Framework 4

o

o

o

Server Manager

o

o

Microsoft Management Consoles

o

o

A subset of Control Panel Applets

o

All Control Panel Applets

o

Windows Help

o

Windows Explorer

o

Internet Explorer

o

Guidance

Andrew and Jeffrey delivered the message ‘Server Core is the preferred deployment configuration’ strongly. This single sentence even received it’s own PowerPoint slide to illustrate the point. A Server Core installation requires the least amount of resources, time and patches of all Windows Server installation options.

But no longer, will you need to deploy your server as a Server Core installation. From Windows Server 8, you will be able to install Windows Server either as a Full Installation or Features on Demand Installation and when done trim down the Windows Server installation to a Server Core installation, where possible.

If all your agents and applications support Server Core and you don’t need any of the MMCs or Control Panel Applets, or you can reproduce your advanced settings through the registry, APIs, Remotely or through WS-Management, you can install Server Core from the start, offering you a superb deployment experience with the least amount of deployment traffic.

Concluding

Microsoft unfolded a strategic view on the interface options in Windows Server 8. You can now choose between a Server Core installation, a Features on Demand Installation and a Full Installation, each offering more Graphical User Interface elements.

No longer do you need to make this choice at the installation of the Windows Server Operating System. You can switch between the three interface options after installation, offering huge flexibility and security in the long run.

Further reading

Windows Server 8 apps must run without a GUI – learn more now

Microsoft Unveils Windows Server 8
Windows Server 8 will bring us this!
10 best new features of Windows Server 8
Windows Server 8: Now with added VMware and Unix
Windows Server 8 should be full of surprises
Microsoft provides more details about Windows Server 8