Odds and ends for Microsoft Core 2008
### check user details ###
net user namauser
### change user password ###
net user namauser passwordnya
### delete AD user ###
net user namauser /delete
### add a user to a group ###
net group groupnya usernya /add
Server Core has a limited number of roles that can be installed on it, which include:
Active Directory Domain Services (AD DS) and AD Lightweight Directory Services (AD LDS)
DNS Server
Internet Information Services (IIS) (No ASP.NET support)
DHCP Server
File Services
Print Services
Streaming Media Services
Hyper V
Now that doesn't mean that Server Core can't do other things. In fact it can, but Microsoft calls those other items Features and not Roles.
Microsoft Failover Cluster (not available in Standard Edition)
Network Load Balancing
Subsystem for UNIX-based applications
Backup
Multipath IO
Removable Storage Management
Bitlocker Drive Encryption
Simple Network Management Protocol (SNMP)
WINS
Telnet
Later on in the article I will explain how to install these services. But first it's time to go over what I believe to be the most commonly requested commands for administrating a Server Core environment.
Server Core Common Networking and Firewall Commands
Here is the start of your Networking and Firewall related commands for Server Core:
Server Core Common Networking Commands
To configure the IP address we will have to remember (or learn) Netsh.
Configure a Static IP Address on Server Core:
Netsh int ipv4 set address "Local Area Connection" static 10.1.1.10 255.255.255.0 10.1.1.1
Netsh int ipv4 set dnsserver "Local Area Connection" static 10.1.1.5 primary
Netsh int ipv4 set winsserver "Local Area Connection" static 10.1.1.6 primary
Configure a Dynamic (DHCP) IP Address on Server Core:
Netsh int ipv4 set address "Local Area Connection" source=dhcp
Change the name of the network interface on Server Core:
Netsh int set interface name="Local Area Connection" newname="Primary Network"
Server Core Common Windows Firewall Commands:
The Windows Firewall is a blessing to some and a curse to others. Either way it is installed by default and you have to understand the commands that are needed to configure the basics and in some cases some advanced commands.
Disable firewall:
netsh firewall set opmode disable
Server Core can be managed by using MMCs from a remote server. However with the firewall being on by default you will have to allow these tools to work remotely. The first thing to note here is how to translate the MMC Snap-in to Windows Firewall Rule Group.
MMC Snap-in - Event Viewer
Windows Firewall Rule Group - Remote Event Log Management
MMC Snap-in - Services
Windows Firewall Rule Group - Remote Services Management
MMC Snap-in - Shared Folders
Windows Firewall Rule Group - File and Printer Sharing
MMC Snap-in - Task Scheduler
Windows Firewall Rule Group - Remote Scheduled Tasks Management
MMC Snap-in - Reliability and Performance
Windows Firewall Rule Group - Performance Logs and Alerts
Windows Firewall Rule Group - File and Printer Sharing
MMC Snap-in - Disk Management
Windows Firewall Rule Group - Remote Volume Management
MMC Snap-in - Windows Firewall with Advanced Security
Windows Firewall Rule Group - Windows Firewall Remote Management
To enable all of these rules, use this command:
Netsh advfirewall firewall set rule group="remote administration" new enable=yes
To enable a specific rule group, follow this format:
Netsh advfirewall firewall set rule group="" new enable=yes
Server Core Common Domain Management Commands
Join a domain:
netdom join ComputerName /domain:DomainName /userd:UserName /passwordd:*
Yes, /passwordd:* needs to have that second d at the end of it.
Remove from domain:
netdom remove
Rename a Domain Member:
netdom renamecomputer %computername% /NewName: /userd: /passwordd:*
Rename Administrator:
wmic UserAccount where Name="Administrator" call Rename Name="new-name"
Add User to a Local Group
net localgroup GroupName /add \
Remove User from a Local Group
net localgroup GroupName /delete \
Confirm Domain and/ New Computer name
Set
Update User Passwords:
Net user [/domain] *
Server Core Common Server Management Commands
Toggle Remote Desktop on and off:
Cscript \windows\system32\scregedit.wsf /ar 0
Enable reduced security for RDP connections:
Cscript \windows\system32\scregedit.wsf /cs 0
Activate Server Core:
Local method - Slmgr.vbs -ato
Remote method - Cscript windows\system32\slmgr.vbs ServerName UserName password:-ato
Rename a Stand-Alone Member:
netdom renamecomputer /NewName:
List of installed patches:
wmic qfe list
Install Updates:
wusa .msu /quiet
Configure for AutoUpdates:
cscript scregedit.wsf /AU 4
Disable AutoUpdates:
cscript scregedit.wsf /AU 1
View AutoUpdate Setting:
cscript scregedit.wsf /AU /v
Configure the Page File:
wmic pagefileset where name="" set InitialSize=,MaximumSize=
Configure a Proxy Server: (Server Core cannot use a proxy that requires a proxy)
netsh Winhttp set proxy :
All your favorite TCP/IP commands work including the following:
IPConfig
ARP
Ping
PathPing
TraceRT
Route
NSLookup
NetStat
NBTStat
List Running Services:
sc query
Start and/or Stop a Service:
sc start
sc stop
Task Manager: (Ctrl+Shift+Esc)
taskmgr
Manage Disk Volumes:
Diskpart /?
Defrag a Volume:
defrag /?
Change Time and Time Zone:
control timedate.cpl
Change the Desktop Resolution: (requires you to log off and back on)
Regedit - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Video
\0000\DefaultSettings.XResolution
\0000\DefaultSettings.YResolution
Display the Time in the Command Prompt:
prompt [$t]$s$p$g
Log off:
shutdown /l
Restart Now:
shutdown /r /t 0
To get the Roles and Features installed you are going to need to use the ocsetup.exe command. The OC is short for Optional Components. The most important thing to remember about this command is that IT IS CASE SENSITIVE!!! As a best practice you should always launch ocsetup.exe through start /w, as this holds the Command Prompt (you cannot type again) until the setup is complete. Below you will find a list of the commands that are required to install Roles and Features on Server Core.
DNS
start /w ocsetup DNS-Server-Core-Role
DHCP
start /w ocsetup DHCPServerCore
File Services (Server service is installed by default) but there are other role features
File Replication Service
start /w ocsetup FRS-Infrastructure
Distributed File System
start /w ocsetup DFSN-Server
Distributed File System Replication
start /w ocsetup DFSR-Infrastructure-ServerEdition
Services for Network File System (NFS)
start /w ocsetup ServerForNFS-Base
start /w ocsetup ClientForNFS-Base
Hyper V
start /w ocsetup Microsoft-Hyper-V
Print Server feature
start /w ocsetup Printing-ServerCore-Role
Line Printer Daemon (LPD) service
start /w ocsetup Printing-LPDPrintService
Active Directory Lightweight Directory Services
start /w ocsetup DirectoryServices-ADAM-ServerCore
Active Directory Domain Services
dcpromo /unattend:
Streaming Media Services
Follow directions found in Article ID 934518
IIS
start /w pkgmgr /iu:IIS-WebServerRole;WAS-WindowsActivationService;WAS-ProcessModel
To uninstall IIS use the following command
start /w pkgmgr /uu:IIS-WebServerRole;WAS-WindowsActivationService;WAS-ProcessModel
NOTE: If you need to uninstall a Role that you installed with ocsetup, all you need to do is append /uninstall to the commands above.
Now let's take a look at how we install Features on Server Core:
Microsoft Failover Clustering
start /w ocsetup FailoverCluster-Core
Network Load Balancing
start /w ocsetup NetworkLoadBalancingHeadlessServer
Subsystem for UNIX-based applications
start /w ocsetup SUACore
Multipath IO
start /w ocsetup MultipathIo
Removable Storage
start /w ocsetup Microsoft-Windows-RemovableStorageManagementCore
Bitlocker Drive Encryption
start /w ocsetup BitLocker
Backup
start /w ocsetup WindowsServerBackup
Simple Network Management Protocol (SNMP)
start /w ocsetup SNMP-SC
Windows Internet Name Service (WINS)
start /w ocsetup WINS-SC
Telnet client
start /w ocsetup TelnetClient
View password and logon requirements for the network domain.
NET ACCOUNTS /DOMAIN
Set the number of minutes a user has before being forced to log off when the account expires or valid logon hours expire
NET ACCOUNTS /FORCELOGOFF:minutes /DOMAIN
Prevent forced logoff when user accounts expire
NET ACCOUNTS /FORCELOGOFF:NO /DOMAIN
Set the minimum number of characters for a password.
NET ACCOUNTS /MINPWLEN:C /DOMAIN
The range is 0-14 characters; the default is 6 characters.
Set the maximum number of days that a password is valid.
NET ACCOUNTS /MAXPWAGE:dd /DOMAIN
The range is 1-49710; the default is 90 days.
Set passwords to never expire.
NET ACCOUNTS /MAXPWAGE:UNLIMITED /DOMAIN
Set a minimum number of days that must pass before a user can change a password (default = 0)
NET ACCOUNTS /MINPWAGE:dd /DOMAIN
Require that new passwords be different from 'x' number of previous passwords
NET ACCOUNTS /UNIQUEPW:x /DOMAIN
The range for 'x' is 1-24
Synchronise the user accounts database (PDC and BDC)
NET ACCOUNTS /SYNC /DOMAIN
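An added example (not from the original article): a Python check that parses the text printed by NET ACCOUNTS and returns the NET ACCOUNTS commands from the list above for every setting weaker than a baseline. The sample output is constructed, the baseline values and function names are hypothetical, and English-language output is assumed.

```python
# Added example: audit NET ACCOUNTS output against a password-policy baseline.

# Constructed sample of English-language `net accounts` output (not from a real host).
SAMPLE_OUTPUT = """\
Force user logoff how long after time expires?:       Never
Minimum password age (days):                          1
Maximum password age (days):                          Unlimited
Minimum password length:                              6
Length of password history maintained:                None
Lockout threshold:                                    Never
Lockout duration (minutes):                           30
Lockout observation window (minutes):                 30
Computer role:                                        PRIMARY
The command completed successfully.
"""

# Hypothetical baseline for this example; values stay inside the ranges the
# article quotes (MINPWLEN 0-14, MAXPWAGE 1-49710, UNIQUEPW 1-24).
BASELINE = {"minpwlen": 12, "maxpwage": 90, "minpwage": 1, "uniquepw": 24}

# Output label -> NET ACCOUNTS switch that controls it.
LABELS = {
    "Minimum password length": "minpwlen",
    "Maximum password age (days)": "maxpwage",
    "Minimum password age (days)": "minpwage",
    "Length of password history maintained": "uniquepw",
}


def parse_net_accounts(text):
    """Map each known switch to an int, or None for Never/None/Unlimited."""
    policy = {}
    for line in text.splitlines():
        # Split on the last colon so the "?:" in the logoff label is harmless.
        label, sep, value = line.rpartition(":")
        switch = LABELS.get(label.strip())
        if sep and switch:
            value = value.strip()
            policy[switch] = int(value) if value.isdigit() else None
    return policy


def audit(policy, baseline=BASELINE, domain=True):
    """Return NET ACCOUNTS commands for every setting weaker than baseline."""
    suffix = " /DOMAIN" if domain else ""
    fixes = []
    for switch, wanted in baseline.items():
        actual = policy.get(switch)
        if switch == "maxpwage":
            # Unlimited (None) or a longer lifetime than the baseline is weaker.
            weak = actual is None or actual > wanted
        else:
            # Missing, None, or a smaller number is weaker (fail closed).
            weak = actual is None or actual < wanted
        if weak:
            fixes.append(f"NET ACCOUNTS /{switch.upper()}:{wanted}{suffix}")
    return fixes


if __name__ == "__main__":
    for command in audit(parse_net_accounts(SAMPLE_OUTPUT)):
        print(command)
```

To audit a live host, replace SAMPLE_OUTPUT with the captured text of NET ACCOUNTS /DOMAIN.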
View user account details
NET USER [/DOMAIN]
Add a user account.
NET USER username {password | *} /ADD [options] [/DOMAIN]
Modify a user account.
NET USER [username [password | *] [options]] [/DOMAIN]
Delete a username
NET USER username [/DELETE] [/DOMAIN]
Generate a random password:
NET USER administrator /random
Add a Workgroup
NET GROUP groupname /ADD [/COMMENT:"text"] [/DOMAIN]
Edit a workgroup
NET GROUP [groupname [/COMMENT:"text"]] [/DOMAIN]
Delete a group
NET GROUP groupname /DELETE [/DOMAIN]
Add a user to a group
NET GROUP groupname username [...] /ADD [/DOMAIN]
Delete a user from a group
NET GROUP groupname username [...] /DELETE [/DOMAIN]
To View, Add or modify a local workgroup replace GROUP in the commands above with LOCALGROUP.
Parameter Description
Specifies the name of the user account to add, delete, modify, or view. The name of the user account can have as many as 20 characters.
Assigns or changes a password for the user's account. Type an asterisk (*) to produce a prompt for the password. The password is not displayed when the user types it at the password prompt.
/domain Performs the operation on the domain controller in the computer's primary domain.
Specifies a command-line option. Refer to the next table for descriptions of the command-line option syntax.
net help
Displays help for the specified net command.
Command-line option syntax Description
/active:{no | yes}
Enables or disables the user account. If the user account is not active, the user cannot access resources on the computer. The default is yes (that is, active).
/comment:""
Provides a descriptive comment about the user's account. This comment can have as many as 48 characters. Enclose the text in quotation marks.
/countrycode:
Uses the operating system Country/Region codes to implement the specified language files for a user's Help and error messages. A value of 0 signifies the default Country/Region code.
/expires:{{ | | } | never}
Causes the user account to expire if you specify the date. Expiration dates can be in [MM/DD/YYYY], [DD/MM/YYYY], or [mmm,dd,YYYY] formats, depending on the Country/Region code. Note that the account expires at the beginning of the specified date. For the month value, you can use numbers, spell it out, or use a three-letter abbreviation (that is, Jan, Feb, Mar, Apr, May, Jun, Jul, Aug, Sep, Oct, Nov, Dec). You can use two or four numbers for the year value. Use commas or slashes to separate parts of the date. Do not use spaces. If you omit, the next occurrence of the date (that is, according to your computer's date and time) is assumed. For example, the following entries are equivalent if entered between Jan. 10, 1994, and Jan. 8, 1995:
jan,9
1/9/95
january,9,1995
1/9
/fullname:""
Specifies a user's full name rather than a user name. Enclose the name in quotation marks.
/homedir:
Sets the path for the user's home directory. The path must exist.
/passwordchg:{yes | no}
Specifies whether users can change their own password. The default is yes.
/passwordreq:{yes | no}
Specifies whether a user account must have a password. The default is yes.
/profilepath:[]
Sets a path for the user's logon profile. This path points to a registry profile.
/scriptpath:
Sets a path for the user's logon script. cannot be an absolute path. is relative to %systemroot%\System32\Repl\Import\Scripts.
/times:{[<-Day>][,[-]],