Connecting to Windows Server 2008 Server Core

Jason WatkinsIT Project Leader
Windows Server 2008 Server core is meant to be administered remotely from a Windows Vista workstation or traditional version of Windows Server 2008. Whether attached to a Windows domain or just a part of a workgroup, Server Core can be managed via Windows Remote Desktop, Microsoft Management Console, or the Remote Server Administration Tools (RSAT). The key to starting is knowing what environment server core will be working in, and the Windows Firewall.

The Windows Firewall is enabled by default on ALL installations of Windows Server 2008, including Server Core. The same tools can be used in both a workgroup or domain environments, but the latter is much easier.

To enable remote desktop enter the following command:

cscript scregedit.wsf /ar 0 (a value of 1 disables RDP)

If Active Directory domain membership is required, join the domain before enabling RDP or else it will have to be re-enabled again.  At least now, one will not need to sit in front of the actual machine to administer.

The later version of remote desktop, 6.x, and the Network Location Awareness service is a substantial increase to Windows network security.  It would be best to force this type of connection to server core when connecting with remote desktop. To do so, run the following syntax:

cscript scregedit.wsf /cs 1

Windows XP Service Pack 3 or with the latest version of remote desktop or later will be required to connect to server core from there.

An exception to the Windows Firewall has to be made before RDP will actually work, just like on all other versions of Windows

netsh advfirewall firewall set rule group= "Remote Desktop" new enable=yes ~ Will do the trick.

Although, if you would like to make an exception so that the server's firewall could be managed from a remote machine via MMC console, enter the following code:

netsh advfirewall firewall set rule group= "Windows Firewall Remote Management" new enable=yes

Now, from a Windows Vista or other 2008 Server you could create a custom MMC console to manage the server core's firewall.  A little easier than dealing with netsh.

To go all the way and open server core's firewall to allow the "Computer Management" snap-in to manage the machine, enter the following code:

netsh advfirewall firewall set rule group= "Remote Administration" new enable=yes

On another Windows Vista or Windows Server 2008 computer, type mmc in the run dialog box and add the Computer Management snap-in. When asked for the focus of the console (snap-in), select other computer, then enter the computer name or IP address of the server core computer.

These methods are fine for getting the server up and running and performing some basic configuration. To truly manage server core from another PC and have complete control and functionality, you need to install Microsoft's Remote Server Administration Tools (RSAT). RSAT is a free download and can be installed on a Windows Vista or Server 2008 computer, but not the server core itself.  The installer will place the consoles and snap-in's necessary for complete server control, those that are not a part of Windows Vista. Items like Active Directory Users and Computers, Storage Manager, etc...

Install RSAT, then enable the new features by going to the Control Panel, Programs and Features, Turn Windows Features On or Off. Look for the Remote Server Administration Tools, then expand it and check the features desired.  The Windows Vista Logo Menu will have to be modified to show all Administrative Tools.

Whether the server core machine is in a domain or part of a Windows workgroup all of the connections have been enabled to get the machine working.

Comments (0)

Have a question about something in this article? You can receive help directly from the article author. Sign up for a free trial to get started.