Configure iSCSI Initiator on Windows Server Core

To configure the iSCSI Initiator to connect to an iSCSI drive on a Windows Server Core system, perform the steps below:

  1. Start up the Microsoft iSCSI Initiator service and then configure it to start automatically. You can use the sc (service control) command line tool to set the service for automatic startup:
    sc \\<server_name> config msiSCSI start= auto
    Next, run net start msiSCSI to start the service.
  2. Set the advanced features of the Windows firewall to allow the iSCSI Initiator service. You can use the netsh command line tool or the Windows Firewall snap-in on a remote Windows Server 2008 system.
  3. Once the iSCSI service has been started, you need to add a target portal so that the server can be added on the target server and LUNs can be assigned for storage. The command below does this:
    iSCSIcli QAddTargetPortal <Portal IP Address>
    Next, configure the LUN information on the target. When the command has completed, run the iSCSIcli ListTargets command to verify the target name. When the target has been identified, log in to the target using the command below:
    iSCSIcli QloginTarget <Targetname>
    To ensure the target persists after reboots, run the command below:
    iSCSIcli PersistentLoginTarget <target_iqn> T * * * * * * * * * * * * * * * 0
  4. Verify that the target has been persisted and list the mappings on the target. Persisted targets are listed with iSCSIcli ListPersistentTargets.
  5. Confirm connectivity to the storage and then prepare the storage by using diskpart.

For more information on iSCSI on Windows Server, see http://blogs.technet.com/daven/archive/2008/06/19/iscsi.aspx

Configure Local Security Policy on Windows Server Core

To set the account policy and local security on a Windows Server Core system, you must first create a security template on a full Windows Server installation and then apply these settings to the Windows Server Core system:

On the reference server (i.e. Windows Server full installation)

  1. From the Start menu, enter secpol.msc in the Start Search box and press Enter to launch the Local Security Policy snap-in on another system.
  2. Configure the security policies according to your needs, then right-click Security Settings and click Export policy to save this as a security template.

On the Server Core server

  1. Copy the newly created security template from the reference server to the Server Core system.
  2. Run the command below to apply the security policy to the Server Core system:
    secedit /configure /cfg <Policy File Name> /db secedit.sdb
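
The apply step above, extended into a batch file that backs up the current policy, validates and analyzes the template, and then applies it with a log. This is an added example, not part of the original article; the folder C:\SecPolicy and the file name hardened.inf are assumptions.

```bat
@echo off
rem Added example, not from the original article.
rem Assumed names: C:\SecPolicy (working folder), hardened.inf (exported template).
setlocal
set "WORK=C:\SecPolicy"
set "TEMPLATE=%WORK%\hardened.inf"

if not exist "%TEMPLATE%" (
    echo Template %TEMPLATE% not found.
    exit /b 1
)

rem 1. Export the current local policy so the change can be reviewed or undone.
secedit /export /cfg "%WORK%\before.inf" /log "%WORK%\export.log"
if errorlevel 1 (
    echo Export returned a non-zero exit code, see %WORK%\export.log
    exit /b 1
)

rem 2. Check the template syntax before anything is changed.
secedit /validate "%TEMPLATE%"
if errorlevel 1 (
    echo Validation returned a non-zero exit code, template not applied.
    exit /b 1
)

rem 3. Compare the system with the template. Nothing is changed here;
rem    the differences are written to analyze.log for review.
secedit /analyze /db "%WORK%\analyze.sdb" /cfg "%TEMPLATE%" /log "%WORK%\analyze.log"

rem 4. Apply the template as in the article, keeping a log of what was set.
secedit /configure /db "%WORK%\secedit.sdb" /cfg "%TEMPLATE%" /log "%WORK%\configure.log"
if errorlevel 1 (
    echo Configure returned a non-zero exit code, see %WORK%\configure.log
    exit /b 1
)
echo Policy applied. Review %WORK%\configure.log
```

If the new policy has to be backed out, before.inf can be applied with the same secedit /configure command.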

Add a DEP Exception for a Program on Windows Server Core

Data Execution Prevention (DEP) is a set of software and hardware features that perform additional security checks to prevent malicious code from running on a system. However, you may wish to turn off DEP for some applications and programs on a Server Core system. To do this, perform the three steps below:

1. Check The Current DEP level

Run the command below:

wmic OS Get DataExecutionPrevention_SupportPolicy

This will return an integer which corresponds to a DEP Support Policy:

DEP Support Policy   Policy Level      Description
2                    OptIn (Default)   Turn on DEP for essential Windows programs and services only.
3                    OptOut            Turn on DEP for all programs and services except those the administrator selects. The administrator can create a DEP exception list.
1                    AlwaysOn          Enable DEP for all processes.
0                    AlwaysOff         Disable DEP for all processes.

2. Alter the DEP Policy Level

To add a program to the DEP exception list, change the Policy Level to “OptOut” (see the table above). The command below performs this action:

bcdedit.exe /set {current} nx OptOut

Then restart the system.

3. Create An Exception List

Add the application to the DEP exception list by altering the registry as follows:

For each application you wish to disable DEP for, create a String Value under the registry key below. The name of the value is the full path to the executable (such as C:\Program Files\Windows Live\WindowsLiveWriter.exe) and the value data is “DisableNXShowUI”:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers

Note that using Registry Editor improperly may result in serious issues that could require a reinstall of Windows. The Registry Editor should be used sparingly and with caution. For more information on the registry see http://support.microsoft.com/?id=256986
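
To review what the three steps above have changed on a server, the batch file below reads the policy level from step 1, shows the nx boot setting from step 2 and lists the exception entries from step 3. It is an added example, not part of the original article, and it only reads settings.

```bat
@echo off
rem Added example, not from the original article. Read-only DEP review.
setlocal
set "LAYERS=HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers"

rem Step 1 value. wmic prints a header line first and ends its output with
rem a stray carriage return, hence skip=1 and the "if not defined" guard.
set "POLICY="
for /f "skip=1" %%P in ('wmic OS Get DataExecutionPrevention_SupportPolicy') do (
    if not defined POLICY set "POLICY=%%P"
)

rem Map the integer to the policy level names from the table in step 1.
set "LEVEL=unknown"
if "%POLICY%"=="0" set "LEVEL=AlwaysOff"
if "%POLICY%"=="1" set "LEVEL=AlwaysOn"
if "%POLICY%"=="2" set "LEVEL=OptIn"
if "%POLICY%"=="3" set "LEVEL=OptOut"
echo DEP support policy: %POLICY% (%LEVEL%)

rem The article's exception list is used with the OptOut level.
if not "%POLICY%"=="3" echo Note: the policy level is not OptOut.

rem Step 2 value: the nx option stored on the current boot entry.
echo.
echo Boot entry nx setting:
bcdedit /enum {current} | findstr /i /b "nx"
if errorlevel 1 echo nx is not set on the current boot entry.

rem Step 3 values: every executable whose value data contains DisableNXShowUI.
echo.
echo Executables with a DEP exception:
reg query "%LAYERS%" /f DisableNXShowUI /d
if errorlevel 1 echo No DisableNXShowUI entries found, or the key is absent.
```

Each executable listed in the last section runs without DEP protection, so entries for software that is no longer installed or no longer needs the exception are candidates for removal.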

Manage Updates on a Windows Server Core System

Windows Server Core saves on system resources; however, some features familiar from the full Windows Server installation are not as obvious on Server Core. To perform and manage updates on a Server Core installation, you have the options below:

  • To install a Windows update: At the command prompt enter wusa <update>.msu /quiet
  • To list the Windows updates already installed: At the command prompt enter systeminfo
  • To remove a Windows update:
    1. At the command prompt enter expand /f:* <update>.msu c:\test
    2. Go to c:\test\ and then open <update>.xml using a text editor
    3. In <update>.xml, replace Install with Remove and then save the file
    4. At the command prompt enter pkgmgr /n:<update>.xml
  • Configure automatic Windows updates:
    – To see the current Windows update setting, enter: cscript scregedit.wsf /AU /v
    – To enable automatic Windows updates, enter: cscript scregedit.wsf /AU 4
    – To disable automatic Windows updates, enter: cscript scregedit.wsf /AU 1

Windows Server Core Installation

Server Core Prerequisites

Before installing Server Core you will need the following:

  • The original Windows Server 2008 or 2008 R2 installation media.
  • If you are using Windows Server 2008 you will need a valid product key (installation can be completed on Windows Server 2008 R2 without a product key).
  • A machine for the clean Server Core installation (note that there is currently no upgrade option for Server Core – only a new clean installation is available).
  • There is no way to upgrade from a . Only a clean installation is supported.
  • There is no way to upgrade from a Server Core installation to a full installation of Windows Server 2008. If you need the Windows® user interface or a server role that is not supported in a Server Core installation, you will need to install a full installation of Windows Server 2008.

Note that the only option for installing Server Core is a new clean installation. It is not possible to upgrade from a full installation of Windows Server 2008 to a Server Core installation, nor is it possible to upgrade from any previous version of Windows Server to Server Core.

Installation Method 1 – Manually Install Server Core.

Follow the procedure below to install Server Core:

  1. Insert the Windows Server 2008 installation media in the DVD drive.
  2. The auto-run dialog will appear; click Install Now.
  3. Follow the stepped instructions to complete the Server Core Setup.
  4. When Setup has completed, press CTRL+ALT+DELETE, click Other User, then type Administrator with a blank password, and press ENTER. You will then be prompted to create a password for the Administrator account, and the installation will then be complete.

In Windows Server 2008 R2, the setup procedure no longer prompts you for a product key.