If you want to access Server Core by using
Remote Desktop from a Windows OS other
than Vista, replace the /AR 0 switch with /CS
0. To see the full list of scregedit’s possibilities,
type the command
cscript c:\windows\system32\
scregedit.wsf /cli
Authenticate to Server
Core with MMC
During the initial configuration, or if Server
Core will be a standalone server, you might
need to authenticate to it from a remote
machine by using pass-through authentication.
Some, but not all, MMC snap-ins let you
specify a username and password when you’re
connecting to a remote computer.
The easiest way to get access remotely with
MMC is to create a local user on Server Core
that has the same username and password as
the remote account that you’re using to run
MMC. This way, authentication will happen
transparently. The new user also needs to be
an administrator on Server Core to gain unrestricted
access. You can create a user and add
the username to the administrators group by
entering the following commands:
net user /add <username>
<password>
net localgroup administrators
/add <username>
If you join Server Core to a domain, you
should delete this account and use a domainbased
user for authentication. Whether Server
Core is a member of a domain or a standalone
server, you should consider configuring
Windows Firewall with Advanced Security to
restrict which machines can connect remotely
to Server Core.
Configure Windows
Firewall
To enable the Windows Firewall with Advanced
Security snap-in on any machine used for
administration to access a given Server Core
box, log on to Server Core as an administrator
and type the command
netsh advfirewall set publicprofile
settings remotemanagement
enable
To access other remote administration tools,
such as the MMC Event Viewer snap-in, run
the following command on Server Core to permit
access through Windows Firewall:
netsh firewall set service
remoteadmin enable
After you’ve made these basic changes to
Windows Firewall on Server Core, you can use
the Windows Firewall with Advanced Security
snap-in from a remote computer for all further configuration
of Server
Core’s firewall.
You could additionally
modify
the firewall rules
to allow access to
Server Core from
specific administration
workstations
only, if
desired. To do
so, you change
the scope of the
predefined inbound rules for Windows Firewall
Remote Management, Remote Desktop,
and Remote Administration by setting a list
of remote IP addresses that are permitted to
access Server Core. Figure 3 shows setting the
scope of a Windows Firewall Remote Management
rule.
Firewall rules are associated with one of
three network profiles: Domain, Private, or
Public. (Server Core uses the Public network
profile out of the box.) To determine which
profile is currently active, click the Windows
Firewall with Advanced Security node directly
below Console Root in the MMC window.
You’ll see an overview of the firewall’s settings
in the central pane, including information
about the active profile. If you change the
scope for a rule that’s associated with a profile
that’s not currently active, the changes won’t
be effective.
For more information about
configuring Windows Firewall with
Advanced Security, see the Security
Pro VIP article “Windows Firewall
Shows New Maturity in Vista,” April
5, 2007 (InstantDoc ID 95099). The
configuration process is similar in
Server 2008 and Vista.
Access the File
System
The easiest way to get access to
Server Core’s file system is to use
Windows Explorer on an administration
workstation and map drives to
the root administrative shares that
are enabled by default on Server Core
(e.g., c$ and d$). You can connect to
these shares only with an account
that has administrator privileges on
Server Core, and you must enable remoteadmin by using netsh, as shown earlier.
The File Server role is installed by default to
provide access to these administrative shares,
but you can also install features such as File
Replication Service (FRS).
To map a network drive to an administrative
share on Server Core from a remote
machine, use a command similar to the following:
net use z: \\192.168.1.100\c$
Join Server Core to an AD
Domain
You can use the netdom command to join
Server Core to an existing AD domain, as follows:
netdom add
/domain:
/userd:
/passwordd:
Install Server Roles and
Optional Features
Server Core supports the server roles Active
Directory Domain Services, Active Directory
Lightweight Directory Services (AD
LDS), DHCP Server, DNS Server, File Services,
Print Server, Streaming Media Services,
and Web Server (IIS), among others. For a
full list of server roles and other supported
features, go to www.microsoft.com/windowsserver2008/servercore.mspx.
