Windows Server blog by Kurt Roggen [BE]

Microsoft IT (MSIT) deployed the Server Core installation option of Windows Server 2008 where it needed a server to be dedicated solely to the roles and features that a Server Core installation supports.

Some benefits:

• Reduced management and maintenance
• Reduced attack surface
• Streamlined installation
• Maximized hardware utilization
• Support of IT management strategy
• Improved failover clustering

Download case study here and presentation here.

For more information: Microsoft Technet

In the Server Core installation option, there is a way to remove the server roles and optional features from the disk, to free up even more space. In addition to reducing disk usage, this could be used to ensure an administrator doesn’t add a role or feature to a server that is supposed to perform a fixed function.

Run: pkgmgr /up:<package to remove>

You will see the disk space used by the role or feature is freed up. OCList will no longer show the role or feature as being available, and trying to install it using ocsetup will result in an error.
Once again, read the warning above – there is no way to put the role or feature back, it is permanently gone from the system.

For more information: Server Core Product team

As you probably still remember from my previous post "RSAT (Remote Server Administration Tools): what's included and what's NOT!!", some snapins are still missing from RSAT.
Here's a way to get the WDS snapin running on your Vista workstation for remote administration of your Windows Server 2003 and/or Windows Server 2008-based Windows Deployment Servers, by taking the following unsupported steps:

Step 1: Locate a Windows 2008 Server which has the WDS Server Role installed via Server Manager features/roles.
The installed OS platform architecture must match your client (use 32-bit OS server if using 32-bit OS client, and the same for 64-bit).

Step 2: Locate the following files:

%systemroot%\system32\WdsMgmt.msc
%systemroot%\system32\en-US\WdsMgmt.msc

%systemroot%\system32\wdsmgmt.dll
%systemroot%\system32\en-US\wdsmgmt.dll.mui

%systemroot%\system32\WdsImage.dll
%systemroot%\system32\en-US\WdsImage.dll.mui

%systemroot%\system32\wdscsl.dll
%systemroot%\system32\wdstptc.dll

%systemroot%\system32\WdsTptMgmt.dll
%systemroot%\system32\en-US\WdsTptMgmt.dll.mui

%systemroot%\system32\wdsmmc.dll
%systemroot%\system32\en-US\wdsmmc.dll.mui

NOTE: If not running US English, the path would not be EN-US; it would be the language(s) running on the server

If you don't have a running WDS server, here are all the files you need for a Vista (en-US) x86 and x64.  I've even included an install.cmd and instructions.txt file.

Step 3: Copy all files to the Vista machine running RSAT tools and place them in the same paths as above (step 2).

Step 4: Run as an administrator:

regsvr32 WdsMgmt.dll
regsvr32 WdsTptMgmt.dll
regsvr32 WdsMmc.dll

Step 5: Create a shortcut in the %ProgramData%\Microsoft\Windows\Start Menu\Programs\Administrative Tools to the WDS snapin (WdsMgmt.msc).

 

Here you go!!

Related reading:

• Windows Server 2008: Windows Deployment Services (WDS)
• Windows Server 2008 Technical Library: Windows Deployment Services
• RSAT (Remote Server Administration Tools): what's included and what's NOT!!

A while ago, I've blogged about the "Start GPOs" concept as Group Policy base templates and today a first set of downloadable templates (Start GPOs) are made available.

Starter Group Policy objects (GPOs), introduced in Group Policy (GPMC) for Windows Server 2008, are collections of configured Administrative template (.admx) policy settings that you can use to create a live GPO.
You can use one Starter GPOs package to create live GPOs that can be applied to clients running Windows Vista; the other package can be used to create live GPOs that can be applied to clients running Windows XP with Service Pack 2 and later.  Each of the two packages (Windows Vista and Windows XP SP2) in this download contains four starter GPOs.

The Starter GPOs in the Windows Vista package are based on recommended settings for the Specialized Security - Limited Functionality (SSLF) and Enterprise Client (EC) environments, as documented in the Windows Vista Security Guide. 

The Starter GPOs in the Windows XP SP 2 or later package are based on the same settings for the same environments, as documented in the Windows XP Security Guide.

NOTE: You can start using the StarterGPOs functionality without needing Windows Server 2008, using the new GPMC as part of the Vista SP1 RSAT bundle.

Getting started!

After installing both packages, you just have to load the .CAB files into the Starter GPOs container from the installed location (default: %Program Files%\Microsoft Group Policy\StarterGPOs) using GPMC.

And you're ready to go, creating new Group Policy object based on the GPO templates or Starter GPOs.

 

And what exact settings are in it?  Have a look through Settings tab...

All StarterGPOs are stored inside the domain SYSVOL StarterGPOs folder.

Remember, nothing prevents you from creating your own StarterGPO for special roles/purposes you have in mind from within the StarterGPOs node inside GPMC ...

Download the StarterGPO packages here.

Related reading:

• Windows Server 2008 & Group Policy Management Console (GPMC)
• RSAT (Remote Server Administration Tools), GPMC (Group Policy Mgmt Console) & Vista SP1
• Advanced Group Policy Management (AGPM)

I'm sure by now, you've heard and read it many times: the next generation of adminpak tools is out, allowing remote administration for Windows Server 2003/2008 from a Vista SP1 client. But some stuff is actually still missing...

The following list of Windows Server 2008 administration tools are included in RSAT:

The following tools listed below are fully supported for managing Windows Server 2003 servers as well:

• Active Directory Domain Services (AD DS) Tools
• Active Directory Lightweight Directory Services (AD LDS) Tools
• Active Directory Certificate Services (AD CS) Tools
• DHCP Server Tools
• DNS Server Tools
• Group Policy Management Tools
• Network Load Balancing Tools
• Terminal Services Tools
• Universal Description, Discovery, and Integration (UDDI) Services Tools

The following Windows Server 2008 Administrative Tools are NOT available through RSAT:

• Active Directory Rights Management Services (AD RMS) Tools
• Fax Service Manager
• Network Policy and Access Services (NPS) Tools (has no remote connectivity functionality)
• Server Manager (has no remote connectivity functionality - top feature request #1 - Server Manager product team is looking how to get this done in next release)
• iSNS (Internet Storage Name Service)
• Storage Explorer
• Windows Media Services (available through separate addon for x86 and x64)
• WINS (Windows Internet Name Service)
• Windows Server Backup
• Windows Deployment Services (WDS) Tools
• IIS 7 Manager (available through separate addon for x86 and x64)
• Hyper-V Tools (available through separate addon for x86 and x64 - More information: Q949758)

NOTE:  You might be missing all Terminal Services tabs from the RSAT Active Directory Users & Computers (ADUC).
For instructions on how to work around this problem, have a look at "Getting the Terminal Services Tabs to Appear in AD Users and Computers" - x86 and x64 files here.

Related Reading:

Microsoft Remote Server Administration Tools (RSAT) enables administrators to remotely manage roles and features in Windows Server 2008 from a computer running Windows Vista with Service Pack 1.  It includes support for remote management of computers running a Server Core or Full Server installation of Windows Server 2008.  This feature has been requested by customers as a replacement for the Windows Server 2003 Administration Tools Pack.   

Installing RSAT is a 2 step process:

1. Installing RSAT package
2. Installing the RSAT components

After installing the RSAT update package (Windows6.0-KB941314-x86.msu/Windows6.0-KB941314-x64.msu) - containing most feature and role based administration tools - these snapins are accessible through Control Panel/Programs & Features/Windows Features - for installation.

But how do you get RSAT installed on your Vista SP1 administrator machines in an unattended way.
Quite simple... Follow the above described 2 step process:

1. wusa Windows6.0-KB941314-x86.msu /quiet
2. start /w ocsetup <component>
   

Below you can find a list of the current RSAT components available for installation on Windows Vista SP1.

Installing RSAT components in Windows Server 2008 (full installation) is much more straight forward via ServerManagerCmd.
To find the list of available RSAT component names in Windows Server 2008 use ServerManagerCmd.exe -query.
I already discussed this in a previous post: "Server Manager - Adding Roles & Features"

However, not all Windows Server 2008 administrative tools are available on Vista, not even all information within those administrative tools are available...
More about this in my next post!

Related reading:

• Remote Server Administrator Tools (RSAT) for Vista SP1
• RSAT (Remote Server Administration Tools), GPMC (Group Policy Mgmt Console) & Vista SP1