Monday, 17 August 2020

Administering Server core infrastructure.

There still seems to be some apprehension around server core servers.

That supporting core servers requires all work to be executed from the Powershell command line.


Whilst this is entirely possible, for those inclined, I am not one of those people.

I dabble with scripts when I have to, but if/then and for/next loops are not my cup of tea.

Since working in the industry, it has been known that, there are fundamentally 2 ways of working on a server:

  1. connect to the server via a remote desktop connection and administer the roles and services directly on the desktop of the server.

  2. Install RSAT tools to your own desktop and use those tools to connect remotely



Enter RSAT – Remote server administration tools.



RSAT has been around since Vista, if not before.

enables IT administrators to remotely manage roles and features in Windows Server from a computer that is running Windows 10, Windows 8.1, Windows 8, Windows 7, or Windows Vista.

  • from the Microsoft rsat introduction.


For a full list of tools available, see:

https://support.microsoft.com/en-gb/help/2693643/remote-server-administration-tools-rsat-for-windows-operating-systems



Of note, top hits are :

  • Active Directory Certificate Services (AD CS) Tools



  • Active Directory Domain Services (AD DS) Tools



  • DHCP Server Tools



  • DNS Server Tools



So what's the difference between accessing a server remotely that does and doesn't have a GUI?

Practically nothing.



Installing windows server core is the same as installing server with GUI



Its surprising what you can actually run locally on a core server


Not that you ever actually need to log on locally, save for first-time configuration.

This can be done easily with sconfig.exe:



As you can see, a lot of the basic setup needs are right here, from windows updates, to setting network adaptor settings.

As long as 4) Configure Remote Management is enabled, that should be all you need to get going.



The future – Well, not quite.



In April of 2018, Microsoft released the Windows Admin Center.

Now you can remotely manage Windows Server running anywhere—physical, virtual, on-premises, in Azure, or in a hosted environment. The tool, available with your Windows Server license at no additional charge, consolidates and reimagines Windows OS tools in a single, browser-based, graphical user interface. “

-From the data sheet.



This admin centre can be installed locally on an administrators pc, or on a server.

This installs a web server that gives you the web portal and you can add both client machines as well as servers, querying the domain controller directly and connecting to machines via Powershell, presenting the results within the browser.






This the list of options available on a server can be found here:

https://docs.microsoft.com/en-us/windows-server/manage/windows-admin-center/use/manage-servers


There is the option to add a GUI after the fact, should you have a need.

The process for this is just a web search away.

Why would you wish to add a GUI?

There are a number of use cases that require a GUI, the first one I came into contact with is that Network Policy Server used for Routing and Remote Access requires a GUI to run, but Routing and Remote Access does not, so if you wish to keep the two services separate for contingency purposes this is possible.

Windows Deployment services is another such example.


I have been running the following services quite happily for about 6 months now:

  • Hyper-V
  • Domain controller
  • Routing and Remote Access
  • Certificate Authority
  • SQL Server 2019
  • Volume Licensing

Things that are running with a GUI:

  • Network Policy Server
  • Windows Deployment Services
Its been a learning curve, don't get me wrong, but the resource savings makes it worth it. reduced RAM reliance in may case, by about 2-4 GB per server and storage of 10-14 GB.

Managing virtual guests by Hyper-V manager makes things easier, but Windows admin center makes management even more central.

Have I missed anything or made a mistake? Do you have something you would like to see in the next post?
leave a comment or drop me message.

No comments:

Post a Comment