Configure iSCSI Initiator on Windows Server Core

To configure the iSCSI Initiator to connect to an iSCSI drive on a Windows Server Core system,  perform the below steps:

  1. Start up the Microsoft iSCSI Initiator service and then configure it to start automatically. You can use the sc (service control) command line tool to set the service for automatic startup:
    sc \\<server_name> config msiSCSI start= auto
    Next, run net start msiSCSI to start the service
  2. Set the advanced features of  the Windows firewall to allow for the iSCSI Initiator service. You can use the netsh command line tool or the Windows Firewall snap-in on a remote Windows Server 2008 system.
  3. Once the iSCSI service has been started, you will need to add a target portal to be able to add the server to the target server and assign LUNs for storage. The below command will perform this:
    iSCSIcli QAddTargetPortal <Portal IP Address>
    Next, configure the LUN information on the target. When the command has completed, run the iSCSIcli ListTargets command to verify the target name. When the target has been identified, you should login to the target using the below command:
    iSCSIcli QloginTarget <Targetname>
    To ensure the target persists after reboots, execute the below command:
    iSCSIcli PersistentLoginTarget <target_iqn> T * * * * * * * * * * * * * * * 0
  4. Ensure that the target and list the mappings on the target have been persisted. The two commands for this are iSCSIcli and ListPersistentTargets.
  5. Confirm connectivity to the storage and then prepare the storage by using diskpart.

For more information on iSCSI on Windows Server please see

Configure Local Security Policy on Windows Server Core

Setting the account policy and local security on a Windows Server  Core system, you must first create a security template on a full Windows Server  installation and subsequently apply these settings to the Windows Server Core system:

On the reference server (ie Windows Server full installation)

  1. From the Start menu, enter secpol.msc in the Start Search box and hit Enter to launch the Local Security Policy snap-in on another system.
  2. Configure the security policies according to your needs,  then right-click the Security Settings and click Export policy to save this as a security template.

On the Server Core server

  1. Copy the newly created security template from the reference server to the Server Core system.
  2. Run the below command to apply the security policy to the server Core system:
    secedit /configure /cfg <Policy File Name> /db secedit.sdb