Windows Server 2008 64 bit Notebook

Now that I have a 64 bit notebook, I get to do fun stuff like install the 64 bit version of Windows Server 2008 (beta 3). I wasn’t too sure how well the experiment would go, but so far it’s been pretty successful.

Drivers weren’t such an issue as most of the Vista x64 drivers worked flawlessly. I still have 3 unknown devices in the device manager and I haven’t yet tried to configure the finger print scanner, but everything else is good.

Obviously the first thing I did once the graphics drivers were installed, was to make it look like Vista with all the eye-candy. You need to install the “Desktop Experience” option from the “Add Features” section of “Server Manager”. Once that’s installed and you’ve rebooted, you need to enable the “Themes” service and enable all the performance options by going in to the “Advanced System Settings” and turning on all the visual stuff. Then reboot again and you can select the “Windows Vista” theme and the “Windows Aero” appearance settings. As you can see from the screenshot below, it’s all working well.

Windows Server 2008 running Aero

I also needed to configure wireless networking which isn’t installed by default (this is a good thing!) Just get back to the “Add Features” section and you can install the wireless networking option from there.

I have my key apps installed (Firefox, Live Messenger, Live Writer) and it all feels quite solid so far. Now to get some real server stuff running…

Reduced attack surface area

Jeff Jones (Strategy Director in the Microsoft Security Technology Unit) has written a post about Server Core and how its reduced footprint increases security dramatically. The key here is “reduced attack surface area” as all of the most insecure areas of a server have been removed, such as IIS, Internet Explorer, Windows Media Player, etc…

However, pulling all these components out of a server have also reduced its functionality, which is why only the following roles are available: (taken from the excellent Server Core Step By Step Guide)

  • Active Directory Domain Services
  • Active Directory Lightweight Directory Services (AD LDS)
  • Dynamic Host Configuration Protocol (DHCP) Server
  • DNS Server
  • File Services
  • Print Server
  • Streaming Media Services

I’m a big fan of this approach and I can’t wait for Server Core to be improved so that the GUI is completely removed. Server Core GUI also hope that the modulisation of the components is improved so that the Web Server role becomes available as a Server Core option. It would seem to me that one of the best scenarios to implement a server with a “reduced attack surface area” would be on a public-facing web server.

Server Core testing – Initial setup

Now that I have a new Server Core installation ready for setup, I read through the Step by Step guide a bit more and continued on to the initial setup.

  1. Change the admin password
    As I mentioned in a previous post, when you create a new Server Core installation you are greeted with a logon box asking for a username and password. To log in you must use Administrator with a blank password and you’re presented with a command prompt window. Type the following to get a prompt to change the admin password:
    net user administrator *
  2. Set a static IP address
    This step wouldn’t be necessary if we were already running a DHCP server and wanted to use that to hand out IP addresses, but seeing as we’re setting up the first server in our domain, we need this one to have a static IP address. First step to perform is to run the following command to get the list of network adapters connected to the server:
    netsh interface ipv4 show interfaces
    Make a note of the “Idx” number of the connection as you’ll need this for the next command:
    netsh interface ipv4 set address name="Idx number" source=static address="ip address" mask="subnet mask" gateway="gateway address"
    You then need to add DNS servers to the IP configuration, but because this server will be my first DNS server, I’ll set the address to the localhost address like this:
    netsh interface ipv4 add dnsserver name="Idx number" address="127.0.0.1" index=1
    You can add further DNS servers if you wish by running the same command above while incrementing the index value at the end.
    You can check that the command has worked by running a standard “ipconfig” command.
  3. Rename the server
    I’m going to give this server the very creative name of: vmscdc1 (VMware, Server Core, Domain Controller 1) using the following command:
    Netdom renamecomputer CurrentComputerName /NewName:vmscdc1
    I forgot to mention that you need to get the current computer name first, using the hostname command. Once the command has run, it’s time to reboot the computer.

The next step will be to create the domain, which I’ll cover in the next post.

Longhorn testing round 2

Server Core GUIWell this is interesting – my first, first-hand experience with Server Core. There’s only one command prompt window rather than the two that was present in previous betas. There is still a GUI, and you can run several apps such as Notepad, Task Manager, Regedit, which are probably the three most useful GUI apps I can think of off the top of my head, so that’s all good.

When you first log in to the server after install, you’re presented with a Vista-like logon window. I correctly assumed I would need to log in with “Administrator” and a blank password although this isn’t obvious. (No, I haven’t read the docs yet!) Once you’re logged in, you just get the command prompt window, but I think it would be better to get you into some sort of utility to force you change your password to something more secure.

Next issue I ran in to was how to install VMware Tools, or – did I need to install VMware Tools? I decided to give it a crack and found this article on the VMware support site which explains how to install the Tools silently from the command prompt. I used the following command as I didn’t want to install the Shared Folders feature, which I never want on a server: “msiexec -i “D:\VMware Tools.msi” ADDLOCAL=ALL REMOVE=Hgfs /qn” This didn’t go 100% well, as there were a couple of error messages that popped up about missing DLLs but I guess that would be expected with a Server Core system. The VM then rebooted and when it came back up, VMware Tools were installed.

At this point I thought I’d take a break and read through the Server Core Step by Step Guide. First I read this:

A server running a Server Core installation supports the following server roles:

  • Active Directory Domain Services (AD DS)
  • Active Directory Lightweight Directory Services (AD LDS)
  • DHCP Server
  • DNS Server
  • File Services
  • Print Server
  • Streaming Media Services

So no web server role – which actually makes sense because I remember that the Dot Net Framework isn’t supported on Server Core, which is also the reason why PowerShell isn’t supported on Server Core either. But a Server Core Web Server seems ideal though because it is most vulnerable to attack (internet facing) so you would want it as stripped down as possible. So as my initial idea of the web server wasn’t going to work, I decided to forge ahead and create a domain controller for a new domain. (To be continued)

Longhorn testing round 1

Longhorn 1 – Stuart 0

First round of Longhorn didn’t go well, but I’ve only got myself to blame. I installed a Standard edition of Longhorn into VMware Server which all went fine. Then I jumped straight into the new Server Manger, and went a bit crazy and selected a whole bunch of roles at once.

Needless to say, the installation of the roles failed and I couldn’t be bothered trouble-shooting it so I just deleted the vm and decided to think of a better way to test. So I’ve decided to set up a bunch of servers for specific roles instead. The first one that I’ll be doing is a dedicated web server running the new IIS 7. I’ll also try it with just the Server Core version installed as there’s no need for a GUI shell on a web server.

We’ll see how this one goes, but other roles I’ll set up later will be a dedicated terminal server, and perhaps a trusty old file server too.

Windows Server 2008

Most people are expecting Longhorn to eventually become officially known as Windows Server 2008, but it looks like Microsoft have inadvertently let the cat out of the bag by posting a link to the “Windows Server 2008 Reviewers Guide” on the WinHEC press site. Eagle-eyed Mary Jo Foley picked up on it and grabbed a screenshot before Microsoft sneakily changed the link back to it’s current name, Longhorn.

Of course, perhaps Microsoft did this on purpose to throw us eager bloggers off their scent, and there’s still a chance that it will be called Longhorn Server… (but I doubt it.)

Microsoft in defensive mode

Big news this week was that Microsoft have had to drop postpone some key features from their new virtualisation software currently in development. Mike Neill, GM of virtualisation strategy went on the defensive with a lengthy blog post detailing all of the cool things about Microsoft’s new virtualisation platform, codenamed Viridian. But if you kept reading through the whole post, you would have noticed the small section at the bottom where he mentions the features that are being dropped:

So we are making the following changes, and postponing these features to a future release of Windows Server virtualization:

  • No Live migration
  • No hot-add resources (storage, networking, memory, processor)
  • Support limit of 16 cores/logical processors (e.g., 2 processor, quad-core systems is 8 cores; or 4 processor, quad-core system is 16 cores)

I always enjoy watching my feeds through Google Reader when Microsoft drops some big news. I subscribe to the TechNet blogs feed so I always get to the skewed point of view from there. For example, when a new product is released you’ll see lots of “cool”, “new”, “!!!”, etc, but when some bad news is released you’ll see all the Microsofties go on the defensive with somber posts explaining that “shipping is a feature” or playing down the news. Then you compare that with the feeds from the rest of the blogosphere and you get the opposite reactions.

Personally, I don’t have much opinion on the Virtualisation news – I think VMware’s ESX server and Virtual Infrastructure will rule the enterprise space for the foreseeable future. By the time that Microsoft have released their v.1 product, VMware will probably be on v.4 with an already established userbase.

PowerShell, Longhorn and Server Core

As I mentioned yesterday, PowerShell is now integrated into Longhorn server – and you can read more about it here, http://www.microsoft.com/windowsserver/longhorn/powershell.mspx. Unfortunately, PowerShell won’t be available for Server Core installations, which is where it would make most sense being used. For those that don’t know, Server Core is Microsoft’s first attempt to create a server which can be installed without a GUI.

As most first attempts go, Microsoft haven’t quite got it right yet… Although you’ll read about how Server Core doesn’t have a GUI, this isn’t really accurate – it does have a GUI, but what it doesn’t have is a “shell”. Server Core is an option when installing Longhorn Server, and when you first boot up a Server Core system you are presented with a standard Ctrl+Alt+Del logon boxes. After logging in, you’re then presented with two command prompt windows and nothing else. Why two command prompt windows, you ask? Well – what happens if you close your only command prompt window? This obviously wouldn’t be a problem if it was a true GUI-less system, but as you explore Server Core, you’ll find that lots of GUI applications run just fine. For example, if you do close both your command prompt windows, you can just open up task manager and run a new process.

So the reason I’m explaining how Server Core works is so that you understand that it hasn’t been designed from the ground up as a true GUI-less server. But it’s more just a hacked version of Windows that has had as many GUI components pulled out as possible. One of the casualties of this hacking is that the Dot Net Framework doesn’t run on Server Core, and because PowerShell is dependent on .Net, this is the reason that PowerShell can’t run on Server Core. So in summary… Microsoft’s new command line scripting language, doesn’t run on Microsoft’s first server product that only supports the command line. I’m sure that future versions of Server Core will fix this, but this is the situation now.

But Irony aside, PowerShell will be an important scripting language to learn, and even though it can’t run on Server Core, you can still run it on a supported system to manage a Server Core server. (The same goes for any other management console that can connect to a remote server.) So if you’ve been putting off learning about PowerShell, then now is a good time to get stuck in. Here’s a collection of good links to get you started…

Microsoft links:

3rd Party Sites:

TechNet Blogs – Longhorn is released

Any Microsoft Infrastructure consultant should be subscribed to the main TechNet Blogs feed. It can be a bit too much at times as there are hundreds of posts per day, but you can pick out some gems in there if you look carefully. It’s also quite interesting watching the feed as a new beta is released – hundreds of MS developers/architects/consultants/engineers each post about the release and you can pick up lots of interesting links through the posts.

Here are just a few of the posts I read today:

I’ll update the list as I pick up more interesting ones. (No word from the NZ Microsofties yet…)