Thursday, June 25, 2009

How do I perform a SERVER CORE installation using an UNATTEND file

Using an unattend file to install a Server Core installation

Using an unattend file for a Server Core installation enables you to perform most of the initial configuration tasks during Setup. Performing an unattended Server Core installation provides the following benefits:

  • There is no need to perform the initial configuration by using command-line tools.
  • You can include the settings in the unattend file to enable remote administration (when Setup is complete).
  • You can configure settings that cannot be easily modified at a command prompt, such as display resolution.

To install a Server Core installation by using an unattend file:

  1. Create a .xml file titled Unattend.xml by using a text editor or Windows System Image Manager.
  2. Copy the Unattend.xml file to a local drive or shared network resource.
  3. Boot your computer to Windows Preinstallation Environment (Windows PE), Windows Server 2003, or Windows XP.
  4. Insert the media disk with the Server Core installation of Windows Server 2008 into your disk drive. If the auto-run Setup window appears, click Cancel.
  5. At a command prompt, change to the drive that contains the installation media.
  6. Type the following at a command prompt:
    setup /unattend:<path>\unattend.xml
    where path is the path to your Unattend.xml file.
  7. Allow Setup to complete.

Note:
Appendix A of this document contains a sample unattend file with comments that explain the settings in the sample configuration. This sample can be modified for use in your environment.

Monday, June 8, 2009

How do I perform ACTIVATION on the windows SERVER CORE?

 

To perform the ACTIVATION on the windows SERVER CORE type the following at the command prompt:

slmgr.vbs -ato

If activation is successful, no message will return in the command prompt.

 

OR

 

You can also activate by phone, using a Key Management Service (KMS) server, or remotely by typing the following command at a command prompt of a computer that is running Windows Vista or Windows Server 2008:

cscript windows\system32\slmgr.vbs <ServerName> <UserName> <password> -ato

Friday, June 5, 2009

Prerequisites for installing a server role on a server running Server Core installation…

Prerequisites for installing a server role on a server running Server Core installation

  • A computer on which you have installed and configured a Server Core installation of Windows Server 2008.
  • An administrator user account and password for the server running the Server Core installation.
  • If installing and configuring a print server, another computer running Windows Vista or Windows Server 2008 on which you can run the Print Management Console to remotely configure the print server.
  • If installing and configuring a DHCP server, the information required to configure a DHCP scope.
  • If installing and configuring a DHCP server, you must configure the server running the Server Core installation to use a static IP address.
  • If installing and configuring a DNS server, the information required to configure a DNS zone.
  • If installing and configuring an Active Directory environment, the information required to either join an existing domain or to create a new domain.
  • If you are going to promote the server running the Server Core installation to be a domain controller in an Active Directory domain, a domain administrator user name and password.

How do I configure the FIREWALL on the windows SERVER CORE?

To configure the FIREWALL on the windows SERVER CORE:

Use the following command.

netsh advfirewall

For example, to enable remote management from any MMC snap-in, type the following:

netsh advfirewall firewall set rule group="Remote Administration" new enable=yes

Notes: You can also use the Windows Firewall snap-in from a computer running Windows Vista or Windows Server 2008 to remotely manage the firewall on a server running a Server Core installation. To do this, you must first enable remote management of the firewall by running the following command on the computer running a Server Core installation:

netsh advfirewall set currentprofile settings remotemanagement enable

Tuesday, May 26, 2009

How do I install the DHCP Server role on the SERVER CORE ?

To install the DHCP Server role on the SERVER CORE

  • At a command prompt, type:

start /w ocsetup DHCPServerCore

  • Configure a DHCP scope at the command prompt by using netsh, or by remotely using the DHCP snap-in from Windows Server 2008.

If the DHCP server is installed in an Active Directory domain, you must authorize it in Active Directory.

  • The DHCP Server service does not start automatically by default. Use the following procedure to configure it to start automatically and to start the service for the first time.

To configure and start the DHCP Server service:

At a command prompt, type:

sc config dhcpserver start= auto

Start the service by typing:

net start dhcpserver

  • Typing the following at the command prompt will uninstall the DHCP Server role

start /w ocsetup DHCPServerCore /uninstall

How do I install the DNS server role on the SERVER CORE ?

To install the DNS Server role on the SERVER CORE

  • At a command prompt, type:

start /w ocsetup DNS-Server-Core-Role

Note: Using /w prevents the command prompt from returning until the installation completes. Without /w, there is no indication that the installation completed.

  • Configure a DNS zone at the command prompt by typing:

dnscmd

OR

by remotely using the DNS MMC snap-in.

Note: Typing start /w ocsetup DNS-Server-Core-Role /uninstall at the command prompt will uninstall the DNS Server role.

Wednesday, May 20, 2009

How do I join the “SERVER CORE” into an existing “DOMAIN” ?

To join the “SERVER CORE” into an existing DOMAIN:

  • At a command prompt, type:

netdom join <ComputerName> /domain:<DomainName> /userd:<UserName> /passwordd:*

ComputerName is the name of the server that is running the Server Core installation.
DomainName is the name of the domain to join.
UserName is a domain user account with permission to join the domain.

  • When prompted to enter the password, type the password for the domain user account specified by UserName.

  • If you need to add a domain user account to the local Administrators group, type the following command:

net localgroup administrators /add <DomainName>\<UserName>

  • Restart the computer. You can do this by typing the following at a command prompt:

shutdown /r /t 0

Monday, May 11, 2009

Benefits of a Windows Server 2008 SERVER CORE installation

The Server Core installation option of Windows Server 2008 provides the following BENEFITS:
    • Reduced maintenance:

- Because the Server Core installation option installs only what is required to have a manageable server for the AD DS, AD LDS, DHCP Server, DNS Server, File Services, Print Services, and Streaming Media Services roles, less maintenance is required than on a full installation of Windows Server 2008.

    • Reduced attack surface:

- Because Server Core installations are minimal, there are fewer applications running on the server, which decreases the attack surface.

    • Reduced management:

- Because fewer applications and services are installed on a server running the Server Core installation, there is less to manage.

    • Less disk space required:

- A Server Core installation requires only about 1 gigabyte (GB) of disk space to install and approximately 2 GB for operations after the installation.

What Server Roles would a Server running a Windows Server 2008 SERVER CORE installation support ?

A server running a Server Core installation supports the following server roles:

    • Active Directory Domain Services (AD DS)
    • Active Directory Lightweight Directory Services (AD LDS)
    • DHCP Server
    • DNS Server
    • File Services
    • Print Services
    • Streaming Media Services
    • Web Server (IIS)

To accomplish this, the Server Core installation option installs only the subset of the binary files that are required by the supported server roles.

Introduction to Windows 2008 SERVER CORE

The Server Core installation option is a new option that you can use for installing Windows Server 2008. A Server Core installation provides a minimal environment for running specific server roles, which reduces the maintenance and management requirements and the attack surface for those server roles.

To accomplish this, the Server Core installation option installs only the subset of the binary files that are required by the supported server roles. For example, the Explorer shell is not installed as part of a Server Core installation. Instead, the default user interface for a server running a Server Core installation is the command prompt.

    How to Configure the Network Settings on Windows Server 2008 / Server Core using the COMMAND PROMPT

    1. At a command prompt, type the following:

    netsh interface ipv4 show interfaces

    2. Make a note of the number shown in the Idx column of the output for your network adapter. If your computer has more than one network adapter, make a note of the number corresponding to the network adapter for which you wish to set a static IP address.
    3. At the command prompt, type:

    netsh interface ipv4 set address name="<ID>" source=static address=<StaticIP> mask=<SubnetMask> gateway=<DefaultGateway>

    Where:

    ID is the number from step 2 above

    StaticIP is the static IP address that you are setting

    SubnetMask is the subnet mask for the IP address

    DefaultGateway is the default gateway

    4. At the command prompt, type:

    netsh interface ipv4 add dnsserver name="<ID>" address=<DNSIP> index=1

    Where:

    ID is the number from step 2 above

    DNSIP is the IP address of your DNS server

    5. Repeat step 4 for each DNS server that you want to set, incrementing the index= number each time.

    Notes:

    If you set the static IP address on the wrong network adapter, you can change back to using the DHCP address supplied by using the following command:

    netsh interface ipv4 set address name="<ID>" source=dhcp

    where ID is the number of the network adapter from Step 2.

    Wednesday, April 29, 2009

    How do I Enable or Disable APIPA in the TCP/IP stack for Windows Server 2008 ?

    IPAutoconfigurationEnabled

    Key: Tcpip\Parameters

    Value Type: REG_DWORD—Boolean

    Valid Range: 0, 1 (false, true)

    Default: 1 (true)

    Description: This value enables or disables IPv4 autoconfiguration using APIPA.

    Note: This value is generally set up globally and not locally.

    How do I change the default APIPA range from 169.254.xx.xx or the one stored by DHCP to a custom IP Address range in the TCP/IP stack for Windows Server 2008?

    IPAutoconfigurationAddress

    Key: Tcpip\Parameters\Interfaces\interfaceGUID

    Value Type: REG_SZ—String

    Valid Range: Change to a valid IPv4 address

    Default: None

    Description: This value stores the APIPA autoconfiguration IPv4 address chosen by the DHCP client.

    Note: “This value should not be altered unless there is a specific requirement”

    Wednesday, April 22, 2009

    How to enable Multicast Forwarding in the TCP/IP stack for Windows Server 2008

    EnableMulticastForwarding

    Key: Tcpip\Parameters

    Value Type: REG_DWORD—Boolean

    Valid Range: 0, 1 (false, true)
    Default: 0 (false)
    Description: The routing service uses this value to control whether or not IP multicasts are forwarded. This value is created by the Routing and Remote Access service.

    Monday, April 20, 2009

    How to Disable IP Source Routing in Windows Server 2008 ?

    DisableIPSourceRouting

    Key:  Tcpip\Parameters, Tcpip6\Parameters

    Value Type: REG_DWORD—Boolean

    Valid Range: 0, 1, 2

    0 - forward all packets
    1 - do not forward source routed packets
    2 - drop all incoming source routed packets

    Default: 1 for IPv4 and 0 for IPv6

    Description: IP source routing is a mechanism that allows the sender to determine the IP route that a packet should take through the network. The Ping and Tracert tools have command-line options to specify source routing.

    Changes in TCP/IP stack for Windows Server 2008 “netsh interface set interface” commands

    Many of the TCP/IP registry values supported in Windows XP and Windows Server 2003 are not supported by TCP/IP in Windows Vista and Windows Server 2008. You can configure additional TCP/IP settings with command-line parameters for the following Netsh commands at a Windows command prompt with administrator-level permissions:

    • netsh interface ipv4 set interface
    • netsh interface ipv4 set global
    • netsh interface ipv6 set interface
    • netsh interface ipv6 set global

    Thursday, April 16, 2009

    Why IPv6 in TCP/IP stack now for Windows Server 2008 ?

    • Large address space

    - The 128-bit address space for IPv6 provides ample room to provide every device on the present and foreseeable future Internet with a globally reachable address.

    • Efficient routing

    - With a streamlined IPv6 header and addressing that supports hierarchical routing infrastructures, IPv6 routers on the Internet can forward IPv6 traffic faster than their IPv4 counterparts.

    • Ease of configuration

    - IPv6 hosts can configure themselves by either interacting with a Dynamic Host Configuration Protocol for IPv6 (DHCPv6) server or by interacting with their local router and using stateless address autoconfiguration.

    • Enhanced security

    - The IPv6 standards solve some of the security issues of IPv4 by providing better protection against address and port scanning attacks and by requiring that all IPv6 implementations support Internet Protocol security (IPSec) for cryptographic protection of IPv6 traffic.

     

    Reference: http://technet.microsoft.com/en-us/library/bb878121.aspx

    Dual IP layer architecture for IPv6 in the TCP/IP stack for Windows Server 2008

    The implementation of IPv6 in Windows XP and Windows Server 2003 is a dual stack architecture. For IPv6 support, you have to install a separate protocol through the Network Connections folder. The separate IPv6 protocol stack had its own Transport layer that included Transmission Control Protocol (TCP) and User Datagram Protocol (UDP) and its own Framing layer. Changes to protocols in either the Transport or Framing layers had to be made to two Windows drivers: Tcpip.sys for the IPv4 protocol stack and Tcpip6.sys for the IPv6 protocol stack.

    The Next Generation TCP/IP stack supports the dual IP layer architecture in which the IPv4 and IPv6 implementations share common Transport and Framing layers. The Next Generation TCP/IP stack has both IPv4 and IPv6 enabled by default. There is no need to install a separate component to obtain IPv6 support.

    PUG Windows 7 Day - IT Pro Track - Hope to see you ALL there

    Register now free

    http://www.puneusergroup.org/windows7day-itpro.aspx

    Seminar Location:
    Capgemini India
    A-1, Technology Park
    MIDC Talwade
    Pune -412114
    India

    http://www.puneusergroup.org

    Friday, April 10, 2009

    Microsoft Challenge-Handshake Authentication Protocol (MS-CHAP) and Challenge-Handshake Authentication Protocol (CHAP)

    The Challenge Handshake Authentication Protocol (CHAP) authenticates a user or network host to an authenticating entity.

    RFC 1994: PPP Challenge Handshake Authentication Protocol (CHAP) defines the protocol.

    CHAP is an authentication scheme used by Point to Point Protocol (PPP) servers to validate the identity of remote clients. CHAP periodically verifies the identity of the client by using a three-way handshake. This happens at the time of establishing the initial link, and may happen again at any time afterwards. The verification is based on a shared secret (such as the client user's password).

    1. After the completion of the link establishment phase, the authenticator sends a "challenge" message to the peer.
    2. The peer responds with a value calculated using a one-way hash function, such as an MD5 checksum hash.
    3. The authenticator checks the response against its own calculation of the expected hash value. If the values match, the authenticator acknowledges the authentication; otherwise it should terminate the connection.
    4. At random intervals the authenticator sends a new challenge to the peer and repeats steps 1 through 3.

    CHAP provides protection against playback attack by the peer through the use of an incrementally changing identifier and of a variable challenge-value. CHAP requires that both the client and server know the plaintext of the secret, although it is never sent over the network.
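
The handshake described above, as an added Python example that is not part of the original post: it builds RFC 1994 Challenge and Response packets, computes the response as MD5 over the Identifier octet, the shared secret and the challenge value, and shows that a captured response is rejected once the authenticator has issued a new challenge. The names Authenticator, peer_respond and demo, the peer name "alice", the authenticator name "nas" and the secret are constructed for illustration.

```python
import hashlib
import hmac
import os
import struct

CHALLENGE, RESPONSE, SUCCESS, FAILURE = 1, 2, 3, 4  # RFC 1994 packet codes


def chap_md5(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """Response value: MD5(Identifier octet || secret || Challenge Value)."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


def build_packet(code: int, identifier: int, value: bytes, name: bytes) -> bytes:
    """Challenge/Response layout: Code, Identifier, Length, Value-Size, Value, Name."""
    length = 4 + 1 + len(value) + len(name)
    return struct.pack("!BBHB", code, identifier, length, len(value)) + value + name


def parse_packet(packet: bytes):
    code, identifier, length, value_size = struct.unpack("!BBHB", packet[:5])
    if length != len(packet) or 5 + value_size > length:
        raise ValueError("malformed CHAP packet")
    return code, identifier, packet[5:5 + value_size], packet[5 + value_size:]


class Authenticator:
    def __init__(self, secrets: dict):
        self.secrets = secrets   # peer name -> shared secret, held in plaintext as CHAP requires
        self.identifier = 0
        self.challenge = None

    def new_challenge(self) -> bytes:
        # A changing identifier and an unpredictable challenge for every round.
        self.identifier = (self.identifier + 1) % 256
        self.challenge = os.urandom(16)
        return build_packet(CHALLENGE, self.identifier, self.challenge, b"nas")

    def verify(self, packet: bytes) -> int:
        code, identifier, value, name = parse_packet(packet)
        secret = self.secrets.get(name.decode())
        challenge, self.challenge = self.challenge, None   # accept one response per challenge
        if (code != RESPONSE or secret is None or challenge is None
                or identifier != self.identifier):
            return FAILURE
        expected = chap_md5(identifier, secret, challenge)
        return SUCCESS if hmac.compare_digest(expected, value) else FAILURE


def peer_respond(challenge_packet: bytes, name: bytes, secret: bytes) -> bytes:
    _, identifier, challenge, _ = parse_packet(challenge_packet)
    return build_packet(RESPONSE, identifier, chap_md5(identifier, secret, challenge), name)


def demo():
    auth = Authenticator({"alice": b"constructed-secret"})   # constructed sample secret
    first = peer_respond(auth.new_challenge(), b"alice", b"constructed-secret")
    ok = auth.verify(first)            # correct secret, current challenge
    auth.new_challenge()               # periodic re-challenge (step 4)
    replayed = auth.verify(first)      # captured response replayed against the new challenge
    wrong = auth.verify(peer_respond(auth.new_challenge(), b"alice", b"guess"))
    return ok, replayed, wrong


if __name__ == "__main__":
    print(demo())
```
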

    Microsoft has implemented a variant of the Challenge-handshake authentication protocol, called MS-CHAP, which does not require either peer to know the plaintext.

    MS-CHAP is the Microsoft version of the Challenge-handshake authentication protocol, CHAP. The protocol exists in two versions, MS-CHAPv1 (defined in RFC 2433) and MS-CHAPv2 (defined in RFC 2759). MS-CHAPv2 was introduced with Windows 2000 and was added to Windows 98 in the "Windows 98 Dial-Up Networking Security Upgrade Release" and Windows 95 in the "Dial Up Networking 1.3 Performance & Security Update for MS Windows 95" upgrade. Windows Vista drops support for MS-CHAPv1.

    Compared with CHAP, MS-CHAP:

    • is enabled by negotiating CHAP Algorithm 0x80 (0x81 for MS-CHAPv2) in LCP option 3, Authentication Protocol
    • provides an authenticator-controlled password change mechanism
    • provides an authenticator-controlled authentication retry mechanism
    • defines failure codes returned in the Failure packet message field

    MS-CHAPv2 provides mutual authentication between peers by piggybacking a peer challenge on the Response packet and an authenticator response on the Success packet.

    Memories - MCT Summit 2009, Hyderabad

     

    Days Well Spent !!

    Thursday, April 9, 2009

    Shiva Password Authentication Protocol (SPAP) now included in the TCP/IP stack for Windows Server 2008

    Shiva Password Authentication Protocol (SPAP) is now included in Windows Server 2008. It works in coordination with RADIUS and encrypts the password so that it is transferred securely within the network.

    Shiva Password Authentication Protocol (SPAP) is a simple encrypted password authentication protocol supported by Shiva remote access servers. With SPAP, the remote access client sends an encrypted password to the remote access server. SPAP uses a two-way encryption algorithm. The remote access server decrypts the password and uses the plaintext form to authenticate the remote access client.

    Shiva Password Authentication Protocol (SPAP) is a reversible encryption mechanism employed by Shiva. A computer running Windows XP Professional, when connecting to a Shiva LAN Rover, uses SPAP, as does a Shiva client that connects to a server running Routing and Remote Access. This form of authentication is more secure than plaintext but less secure than Challenge Handshake Authentication Protocol (CHAP) or Microsoft Challenge Handshake Authentication Protocol (MS-CHAP).

    To enable SPAP-based authentication, you must do the following:

    1. Enable SPAP as an authentication protocol on the RADIUS client. SPAP is disabled by default.
    2. Enable SPAP on the appropriate network policy. SPAP is disabled by default.
    3. Enable SPAP on the access client.

    Reference:

    http://technet.microsoft.com/en-us/library/dd197599.aspx

    Wednesday, April 8, 2009

    Enabling ECN (Explicit Congestion Notification) which is now included in the TCP/IP stack for Windows Server 2008

    What is ECN?
    Explicit Congestion Notification (ECN) is an extension to the Internet Protocol and is defined in RFC 3168 (2001). ECN allows end-to-end notification of network congestion without dropping packets. RFC 3168, "The Addition of Explicit Congestion Notification (ECN) to IP", states that with the addition of active queue management (for example, WRED) to the Internet infrastructure, routers are no longer limited to packet loss as an indication of congestion.

    ECN and Windows Operating Systems
    ECN has now been added to the TCP/IP stack in the following Windows Operating Systems:
    1. Windows Vista
    2. Windows 7
    3. Windows Server 2008

    How do we enable ECN in the Windows Operating System?

    1. Open a command prompt as an administrator.
    2. Type "netsh int tcp show global"; this will show your current TCP/IP state.
    3. To enable ECN, at the command prompt type: "netsh int tcp set global ecncapability=enabled"
    4. To enable CTCP (Compound TCP), at the command prompt type: "netsh int tcp set global congestionprovider=ctcp"
    5. To verify the changes, type "netsh int tcp show global"