1 00:00:00,000 --> 00:00:01,260 2 00:00:01,260 --> 00:00:04,250 In this Nugget, we're going to be talking about configuring 3 00:00:04,250 --> 00:00:05,100 Server Core. 4 00:00:05,100 --> 00:00:07,170 This is really a very simple Nugget, and I just have one 5 00:00:07,170 --> 00:00:07,930 white board. 6 00:00:07,930 --> 00:00:09,900 So I have an introductory white board other than what we 7 00:00:09,900 --> 00:00:10,790 see right here. 8 00:00:10,790 --> 00:00:14,760 We'll just get right into configuring Server Core. 9 00:00:14,760 --> 00:00:17,270 Let's take a look here at configuring Server Core. 10 00:00:17,270 --> 00:00:19,280 Now, I mentioned in a previous Nugget, but I don't want to 11 00:00:19,280 --> 00:00:22,460 extrapolate too terribly much on Core by itself, only 12 00:00:22,460 --> 00:00:24,630 because a lot of what we do there is really just 13 00:00:24,630 --> 00:00:25,600 PowerShell. 14 00:00:25,600 --> 00:00:28,340 And anything that I show you on a full edition of 2012 will 15 00:00:28,340 --> 00:00:32,020 also apply to the Core edition of 2012, unless that 16 00:00:32,020 --> 00:00:35,220 commandlet has something to do with the full GUI. 17 00:00:35,220 --> 00:00:37,400 So otherwise, it will all still apply either away. 18 00:00:37,400 --> 00:00:39,540 And many of the commands may be available for you up there 19 00:00:39,540 --> 00:00:42,940 on that PowerShell cheat sheet that I mentioned previously. 20 00:00:42,940 --> 00:00:45,370 Also, some of the other commands you can use and some 21 00:00:45,370 --> 00:00:47,080 of the other aliases, let's take a look at that. 22 00:00:47,080 --> 00:00:49,020 What's, first of all, an alias? 23 00:00:49,020 --> 00:00:52,200 Well, this is what gives us basically the functionality of 24 00:00:52,200 --> 00:00:53,840 a command prompt. 25 00:00:53,840 --> 00:00:56,490 So if we're at a PowerShell prompt-- 26 00:00:56,490 --> 00:00:59,260 let's say if I go down here to the quick launch area and I 27 00:00:59,260 --> 00:01:01,450 just launch Windows PowerShell-- 28 00:01:01,450 --> 00:01:03,020 then I can type, of course, PowerShell 29 00:01:03,020 --> 00:01:03,770 commandlets in here. 30 00:01:03,770 --> 00:01:07,620 But also, notice that I can do things such a simple command 31 00:01:07,620 --> 00:01:11,710 prompt items that I would have normally had from a cmd.exe. 32 00:01:11,710 --> 00:01:13,100 What's an example? 33 00:01:13,100 --> 00:01:14,350 How about dir? 34 00:01:14,350 --> 00:01:16,190 That's just a directory listing, right? 35 00:01:16,190 --> 00:01:18,140 Well, that's not a PowerShell commandlet. 36 00:01:18,140 --> 00:01:21,290 It's an alias, though, that kind that points back to the 37 00:01:21,290 --> 00:01:23,780 command prompt functionality, and it still gives me a good 38 00:01:23,780 --> 00:01:24,910 result with that. 39 00:01:24,910 --> 00:01:26,930 So most of things you can do in a command prompt, you can 40 00:01:26,930 --> 00:01:31,830 still do in a PowerShell console through aliases. 41 00:01:31,830 --> 00:01:33,980 And you don't need to know anything else special or 42 00:01:33,980 --> 00:01:36,210 elaborate to be able to use them. 43 00:01:36,210 --> 00:01:38,080 It's just that it does that for you. 44 00:01:38,080 --> 00:01:41,000 Anything you already know about command prompt commands 45 00:01:41,000 --> 00:01:43,280 you can still do in a PowerShell window. 46 00:01:43,280 --> 00:01:44,900 Also, there's other commands. 47 00:01:44,900 --> 00:01:47,340 And this is just a couple of examples, for example, the 48 00:01:47,340 --> 00:01:50,890 dism, the deployment image servicing and the management 49 00:01:50,890 --> 00:01:52,270 item that you can use. 50 00:01:52,270 --> 00:01:54,795 I give you some examples of that in the PowerShell cheat 51 00:01:54,795 --> 00:01:55,370 sheet as well. 52 00:01:55,370 --> 00:01:57,890 Even though it's not a PowerShell commandlet, you can 53 00:01:57,890 --> 00:02:00,520 still use that from within a PowerShell 54 00:02:00,520 --> 00:02:02,410 command prompt window. 55 00:02:02,410 --> 00:02:03,910 Then of course, the other thing you could do would be to 56 00:02:03,910 --> 00:02:05,600 use simple remote administration. 57 00:02:05,600 --> 00:02:08,560 You could get through a console, for example. 58 00:02:08,560 --> 00:02:12,870 Or certain PowerShell commands will allow you to enter in the 59 00:02:12,870 --> 00:02:18,250 computer name flag like that. 60 00:02:18,250 --> 00:02:19,830 And then you just enter in whatever the name of the 61 00:02:19,830 --> 00:02:21,340 computer is in here. 62 00:02:21,340 --> 00:02:23,380 And then you can also use something like SConfig, which 63 00:02:23,380 --> 00:02:24,110 I really like. 64 00:02:24,110 --> 00:02:27,155 It actually debuted with Server 2008 R2. 65 00:02:27,155 --> 00:02:30,210 And it's a great way to configure core machines. 66 00:02:30,210 --> 00:02:32,090 Let's go ahead and take a look here first of all, though, at 67 00:02:32,090 --> 00:02:33,600 a little bit of background on how I'm going to 68 00:02:33,600 --> 00:02:34,900 show this to you. 69 00:02:34,900 --> 00:02:37,680 This is a physical computer that we're looking at. 70 00:02:37,680 --> 00:02:41,130 And this is my Hyper-V host computer. 71 00:02:41,130 --> 00:02:45,230 You could see here that I've got a few Hyper-V items 72 00:02:45,230 --> 00:02:47,520 running inside of this. 73 00:02:47,520 --> 00:02:50,320 One of them is DC Nugget 1, which I'm going to make a 74 00:02:50,320 --> 00:02:53,190 domain controller in an upcoming Nugget here. 75 00:02:53,190 --> 00:02:56,040 And then I'm also going to work here, in this case, with 76 00:02:56,040 --> 00:02:57,780 VMC Nugget 02. 77 00:02:57,780 --> 00:03:01,760 This is a baseline configuration of server core 78 00:03:01,760 --> 00:03:04,250 and I have really no configuration at all going on 79 00:03:04,250 --> 00:03:05,270 with this so far. 80 00:03:05,270 --> 00:03:07,270 So it's kind of pretty much right out of the box. 81 00:03:07,270 --> 00:03:09,470 And I'm just going to minimize that background window so as 82 00:03:09,470 --> 00:03:11,580 to be a little less distracting. 83 00:03:11,580 --> 00:03:13,935 Now, how would I go ahead and configure this? 84 00:03:13,935 --> 00:03:15,650 Well, there are a few ways of doing this. 85 00:03:15,650 --> 00:03:17,310 And I want to point out first of all that I do have a 86 00:03:17,310 --> 00:03:20,020 document available for you here. 87 00:03:20,020 --> 00:03:23,300 And it's called "Server Core Configuration," and it's a PDF 88 00:03:23,300 --> 00:03:25,310 for you available up on nuggetlab.com. 89 00:03:25,310 --> 00:03:27,630 There's a lot of guidance here in the beginning, which I 90 00:03:27,630 --> 00:03:29,250 won't elaborate on right now, but you can 91 00:03:29,250 --> 00:03:30,480 take a look at that. 92 00:03:30,480 --> 00:03:32,050 And then, here I'm just going to show you some things, such 93 00:03:32,050 --> 00:03:35,170 as how to configure some of the basic properties. 94 00:03:35,170 --> 00:03:37,160 And you can do this using NetShell. 95 00:03:37,160 --> 00:03:39,840 Now of course, there might be other tools you can use well. 96 00:03:39,840 --> 00:03:42,400 Nevertheless, even on a core installation that has 97 00:03:42,400 --> 00:03:44,620 PowerShell, NetShell seems to still be the 98 00:03:44,620 --> 00:03:45,590 preferred method here. 99 00:03:45,590 --> 00:03:49,110 So how would I do this if I wanted to configure a static 100 00:03:49,110 --> 00:03:50,570 IP address? 101 00:03:50,570 --> 00:03:52,840 Well, the first thing I need to know is to know what the 102 00:03:52,840 --> 00:03:54,130 interfaces are. 103 00:03:54,130 --> 00:03:58,160 So I do a "netsh interface ipv4," which is still the 104 00:03:58,160 --> 00:04:01,780 predominant version of IP that we're using here, and then 105 00:04:01,780 --> 00:04:05,960 "show interfaces." 106 00:04:05,960 --> 00:04:07,970 And then what that tells me is really the key 107 00:04:07,970 --> 00:04:10,160 here being the index. 108 00:04:10,160 --> 00:04:11,570 So I can use the index. 109 00:04:11,570 --> 00:04:14,140 Or for certain other things, I can use something called just 110 00:04:14,140 --> 00:04:15,370 whatever the name is. 111 00:04:15,370 --> 00:04:19,459 Notice that it used to say "local area network" used to 112 00:04:19,459 --> 00:04:20,310 be the name. 113 00:04:20,310 --> 00:04:23,690 Now Microsoft has gratefully shortened that to just 114 00:04:23,690 --> 00:04:25,310 "ethernet" in this case. 115 00:04:25,310 --> 00:04:28,190 So what I would do here next is if I wanted to set a static 116 00:04:28,190 --> 00:04:31,860 IP address for this machine, is I would just to 117 00:04:31,860 --> 00:04:33,490 enter that in this-- 118 00:04:33,490 --> 00:04:36,010 or actually first, let me show you my IP configuration. 119 00:04:36,010 --> 00:04:39,010 I'll do an "ip config all." And you can see that as I go 120 00:04:39,010 --> 00:04:41,900 back up here my ethernet adapter, that it does have a 121 00:04:41,900 --> 00:04:44,430 current IP address, but it's just issued 122 00:04:44,430 --> 00:04:46,540 by DHCP server here. 123 00:04:46,540 --> 00:04:48,750 And I don't really have a DNS server other than this one 124 00:04:48,750 --> 00:04:49,570 configured right here. 125 00:04:49,570 --> 00:04:52,400 But if I wanted to set any of that up statically, I would 126 00:04:52,400 --> 00:04:54,030 have to do something different here. 127 00:04:54,030 --> 00:04:57,260 Now, we already learned from our previous command here that 128 00:04:57,260 --> 00:05:01,290 we are on our index 12, and it's the ethernet is the name. 129 00:05:01,290 --> 00:05:03,960 So knowing that, I can enter in a NetShell command to set 130 00:05:03,960 --> 00:05:06,492 up a static IP address like this. 131 00:05:06,492 --> 00:05:08,690 And I just went ahead and paused recording and typed all 132 00:05:08,690 --> 00:05:10,010 it in, as you can see. 133 00:05:10,010 --> 00:05:14,010 But I would just use "netsh," and then "interface" is going 134 00:05:14,010 --> 00:05:15,750 to be going to IP version 4. 135 00:05:15,750 --> 00:05:17,350 That's what I'm trying to configure. 136 00:05:17,350 --> 00:05:21,920 I'm going to set the address, and then the "name=ethernet," 137 00:05:21,920 --> 00:05:24,150 which you can see up here is ethernet. 138 00:05:24,150 --> 00:05:27,710 You can also use "index=" and do an "index=12," but I just 139 00:05:27,710 --> 00:05:29,420 did "name=ethernet." 140 00:05:29,420 --> 00:05:32,460 "source=static address," and it wraps around, so you just 141 00:05:32,460 --> 00:05:35,140 kind of have to look at the word as it wraps around here. 142 00:05:35,140 --> 00:05:37,660 And then address, this is a static IP address I want, 143 00:05:37,660 --> 00:05:42,650 10.10.10.82, and a subnet mask of a class C subnet mask. 144 00:05:42,650 --> 00:05:46,770 Then I want a gateway address of 10.10.10.1. 145 00:05:46,770 --> 00:05:49,870 Notice that in this configuration, there's no DNS 146 00:05:49,870 --> 00:05:50,600 configuration. 147 00:05:50,600 --> 00:05:52,330 You do that later. 148 00:05:52,330 --> 00:05:54,190 So I'll go ahead and press Enter. 149 00:05:54,190 --> 00:05:57,410 Now I'll do an "ip config all," and we can now see that 150 00:05:57,410 --> 00:06:01,650 we have 10.10.10.82, and with a class C subnet 151 00:06:01,650 --> 00:06:02,890 mask, and so on. 152 00:06:02,890 --> 00:06:06,840 We could also do, again, the DNS server if I needed to, 153 00:06:06,840 --> 00:06:07,710 which I'll do shortly. 154 00:06:07,710 --> 00:06:09,870 Oh, I almost forgot, here's the default gateway, which I 155 00:06:09,870 --> 00:06:14,380 also specified in that previous command. 156 00:06:14,380 --> 00:06:17,710 Then in order to configure the DNS server's IP address on 157 00:06:17,710 --> 00:06:21,270 this local client, I would enter in "netsh." And you 158 00:06:21,270 --> 00:06:23,820 could type "interface," but you can also abbreviate that 159 00:06:23,820 --> 00:06:25,540 one. "int" is sufficient. 160 00:06:25,540 --> 00:06:27,730 I've gotten too lazy to put all the typing, so I 161 00:06:27,730 --> 00:06:28,550 abbreviated. 162 00:06:28,550 --> 00:06:33,730 Then "ipv4 and dnsserver name=," again, "ethernet." And 163 00:06:33,730 --> 00:06:36,710 then this time, address is going to be the IP address of 164 00:06:36,710 --> 00:06:38,160 my DNS server. 165 00:06:38,160 --> 00:06:42,040 And "index=1" simply identifies that I want to make 166 00:06:42,040 --> 00:06:43,580 it the primary DNS server. 167 00:06:43,580 --> 00:06:47,545 This is not index as in what we took a look at earlier when 168 00:06:47,545 --> 00:06:49,800 we saw that the local adapter was index 12. 169 00:06:49,800 --> 00:06:52,080 That's not relating to the same thing. 170 00:06:52,080 --> 00:06:53,580 This simply specifies that I want that to 171 00:06:53,580 --> 00:06:55,700 be my primary server. 172 00:06:55,700 --> 00:06:57,550 Then we press Enter. 173 00:06:57,550 --> 00:07:02,240 And then know if I do an "ip config all," we see that we do 174 00:07:02,240 --> 00:07:05,590 indeed have the DNS server at 10.10.10.71. 175 00:07:05,590 --> 00:07:09,380 So using NetShell, you can configure your IP properties 176 00:07:09,380 --> 00:07:11,150 as necessary. 177 00:07:11,150 --> 00:07:13,040 And we also want to do some other things, such as changing 178 00:07:13,040 --> 00:07:13,720 the computer name. 179 00:07:13,720 --> 00:07:17,750 Because Windows by default will just install the computer 180 00:07:17,750 --> 00:07:19,600 with a strange convoluted name. 181 00:07:19,600 --> 00:07:21,320 You'll see what I mean in a moment. 182 00:07:21,320 --> 00:07:23,350 First thing we want to do is to identify what the existing 183 00:07:23,350 --> 00:07:25,120 name of the computer is. 184 00:07:25,120 --> 00:07:27,225 And we can't really right click on My Computer and 185 00:07:27,225 --> 00:07:29,990 choose properties to find that out, because obviously there's 186 00:07:29,990 --> 00:07:31,290 nothing to right click on. 187 00:07:31,290 --> 00:07:34,540 So we could do it a few other ways, and "ip config all" will 188 00:07:34,540 --> 00:07:35,330 show that to us. 189 00:07:35,330 --> 00:07:36,940 If we just go up here, we'll see that there's the name of 190 00:07:36,940 --> 00:07:37,950 the computer there. 191 00:07:37,950 --> 00:07:39,320 There's the host name. 192 00:07:39,320 --> 00:07:40,880 But there's also a lot of other data we don't really 193 00:07:40,880 --> 00:07:41,480 need to see. 194 00:07:41,480 --> 00:07:44,210 We could also use "set," which shows us a lot of environment 195 00:07:44,210 --> 00:07:47,190 variables for this system, plus the computer name, right 196 00:07:47,190 --> 00:07:49,000 here again. 197 00:07:49,000 --> 00:07:52,970 Or we could just do "host name," which gives you just 198 00:07:52,970 --> 00:07:53,890 the host name. 199 00:07:53,890 --> 00:07:55,930 That's probably the plainest of all of those. 200 00:07:55,930 --> 00:07:57,760 But you can see how Microsoft has kind of named it some 201 00:07:57,760 --> 00:07:59,770 convoluted name there. 202 00:07:59,770 --> 00:08:01,360 I don't know why they do that, but I guess 203 00:08:01,360 --> 00:08:02,420 they have to do something. 204 00:08:02,420 --> 00:08:04,420 So let's go ahead and clear the screen here and figure out 205 00:08:04,420 --> 00:08:07,150 how we would rename the computer, in this case, by 206 00:08:07,150 --> 00:08:09,560 using then the "netdom" command. 207 00:08:09,560 --> 00:08:11,730 So in order to rename the computer, here's how I would 208 00:08:11,730 --> 00:08:14,770 use that-- "netdom," then "renamecomputer." And you 209 00:08:14,770 --> 00:08:16,350 could do other things with netdom as well, such as 210 00:08:16,350 --> 00:08:17,780 joining a domain-- 211 00:08:17,780 --> 00:08:20,710 but "renamecomputer," and then "%computername%." Now, why am 212 00:08:20,710 --> 00:08:21,910 I doing that? 213 00:08:21,910 --> 00:08:23,940 Because I already forgot the name of this computer. 214 00:08:23,940 --> 00:08:26,040 It so convoluted, I didn't want to have to think of it. 215 00:08:26,040 --> 00:08:28,970 I actually waste brain cells thinking about it anyway, 216 00:08:28,970 --> 00:08:31,680 because I'm renaming the computer anyhow, and it 217 00:08:31,680 --> 00:08:32,220 wouldn't matter. 218 00:08:32,220 --> 00:08:35,620 So I'm just doing a variable of "%computername%," which 219 00:08:35,620 --> 00:08:38,520 means that whatever the name of the computer is, we're 220 00:08:38,520 --> 00:08:43,820 going to rename it to a new name here, a "VMCNugget02 221 00:08:43,820 --> 00:08:47,570 /userd," and then this would be the name of the user 222 00:08:47,570 --> 00:08:50,050 credentials that we're implementing here. 223 00:08:50,050 --> 00:08:53,510 And then we could also do a password, then a colon, and 224 00:08:53,510 --> 00:08:54,950 then that password if we wanted to. 225 00:08:54,950 --> 00:08:57,900 However, I'm not going to do that in this case, because if 226 00:08:57,900 --> 00:09:00,170 you do that, you to type it in in plain text. 227 00:09:00,170 --> 00:09:02,875 If we leave off the actual password, then it 228 00:09:02,875 --> 00:09:03,550 prompts us for it. 229 00:09:03,550 --> 00:09:07,710 And then it's "reboot:0," meaning reboot in 0 seconds, 230 00:09:07,710 --> 00:09:11,520 so that will accept that new computer name. 231 00:09:11,520 --> 00:09:13,890 Because as you know, anytime you rename a computer, you do 232 00:09:13,890 --> 00:09:16,950 have to restart it in order for that to take. 233 00:09:16,950 --> 00:09:19,330 So that having been done, I'm going to go ahead and press 234 00:09:19,330 --> 00:09:20,836 Enter here. 235 00:09:20,836 --> 00:09:22,460 Oops, except I see a made a mistake. 236 00:09:22,460 --> 00:09:23,960 Let's go back over here. 237 00:09:23,960 --> 00:09:25,530 There's no space after "userd." 238 00:09:25,530 --> 00:09:28,310 OK, so I'll press Enter here, and then it says, do you want 239 00:09:28,310 --> 00:09:28,820 to proceed? 240 00:09:28,820 --> 00:09:32,540 It's telling me that some services such as a CA, or 241 00:09:32,540 --> 00:09:35,160 certification authority, would depend upon a 242 00:09:35,160 --> 00:09:36,330 fixed machine name. 243 00:09:36,330 --> 00:09:39,450 So if this was a CA, that would really cause a 244 00:09:39,450 --> 00:09:40,190 problem with that. 245 00:09:40,190 --> 00:09:43,340 It's not, so I'm just going to press Y and Enter. 246 00:09:43,340 --> 00:09:47,620 And now we can see that it has gone ahead and restart. 247 00:09:47,620 --> 00:09:49,170 And then once we've renamed the computer and it's 248 00:09:49,170 --> 00:09:52,480 restarted here, we can use "netdom" to join the computer. 249 00:09:52,480 --> 00:09:54,680 Again, you can specify the computer name or enter in the 250 00:09:54,680 --> 00:09:56,420 variable, like you see here. 251 00:09:56,420 --> 00:09:58,990 And then "/domain," the name of the domain-- 252 00:09:58,990 --> 00:10:01,580 you can also just put in "nuggetlab" here, or the flat 253 00:10:01,580 --> 00:10:04,300 name of the domain, as opposed to the fully qualified domain 254 00:10:04,300 --> 00:10:06,320 name, as in .com here-- 255 00:10:06,320 --> 00:10:10,080 and then "/userd," and then "Administrator" in my case, 256 00:10:10,080 --> 00:10:13,120 but whoever has the privileges to be able to join this 257 00:10:13,120 --> 00:10:16,270 computer to the domain, and then "/password." And then if 258 00:10:16,270 --> 00:10:17,620 you don't enter a password there, it will 259 00:10:17,620 --> 00:10:18,880 prompt you as well. 260 00:10:18,880 --> 00:10:19,700 Then the reboot. 261 00:10:19,700 --> 00:10:21,270 This is actually the number of seconds, by the 262 00:10:21,270 --> 00:10:23,140 way, for the reboot. 263 00:10:23,140 --> 00:10:24,820 So you can give it a few seconds, or if you just 264 00:10:24,820 --> 00:10:27,510 entered a 0 there, then it would reboot immediately. 265 00:10:27,510 --> 00:10:29,640 Now, I don't actually have this domain up and running 266 00:10:29,640 --> 00:10:32,090 yet, so it's not going to give me anything if I press Enter. 267 00:10:32,090 --> 00:10:34,070 I think it will just bark at me. 268 00:10:34,070 --> 00:10:34,950 Yeah, it says the domain doesn't 269 00:10:34,950 --> 00:10:36,610 actually exist, as I mentioned. 270 00:10:36,610 --> 00:10:38,830 But if you do have one, then, of course, it will then join 271 00:10:38,830 --> 00:10:41,070 it at that point. 272 00:10:41,070 --> 00:10:43,100 The next thing I might want to do would be to create a user 273 00:10:43,100 --> 00:10:45,500 account, because by default, I've only got the local 274 00:10:45,500 --> 00:10:46,700 administrator account. 275 00:10:46,700 --> 00:10:48,790 I usually use the trainer account for all my 276 00:10:48,790 --> 00:10:49,410 demonstrations. 277 00:10:49,410 --> 00:10:51,820 So I might want to add that account and log on with it. 278 00:10:51,820 --> 00:10:53,910 And of course, you'll want to add yours as well 279 00:10:53,910 --> 00:10:54,860 for your own purposes. 280 00:10:54,860 --> 00:10:57,340 So I would just doing a "net user," and then the name of 281 00:10:57,340 --> 00:11:00,850 the user, "trainer" in this case, and "/add." Also, 282 00:11:00,850 --> 00:11:03,790 there's nothing you can do here, so I just an asterisk. 283 00:11:03,790 --> 00:11:04,900 It'll prompt me for the password. 284 00:11:04,900 --> 00:11:07,460 Otherwise, it will not assign a password, and I'll have to 285 00:11:07,460 --> 00:11:09,690 change it at the first log-on. 286 00:11:09,690 --> 00:11:12,360 So I'll enter in a password and confirm that. 287 00:11:12,360 --> 00:11:14,462 You can't really see what I'm typing, of course, because it 288 00:11:14,462 --> 00:11:15,360 doesn't show it on the screen. 289 00:11:15,360 --> 00:11:17,110 But I entered and confirmed that password. 290 00:11:17,110 --> 00:11:19,145 And then the next thing I probably need to do is to add 291 00:11:19,145 --> 00:11:21,150 it to the local administrators group, in this case. 292 00:11:21,150 --> 00:11:23,410 Or, of course, you would add your account to whichever 293 00:11:23,410 --> 00:11:24,910 group was interesting to you. 294 00:11:24,910 --> 00:11:28,830 But I would do a "net localgroup," and then the name 295 00:11:28,830 --> 00:11:30,880 of the group I'm interested in adding it to, and that would 296 00:11:30,880 --> 00:11:35,710 be "Administrators." I think I typed that right. 297 00:11:35,710 --> 00:11:38,410 And then the name of the-- 298 00:11:38,410 --> 00:11:40,150 that I want to add is what I want to do here. 299 00:11:40,150 --> 00:11:42,780 So I want to add to, and then I'm going to enter in the name 300 00:11:42,780 --> 00:11:46,410 of the account, being "Trainer." 301 00:11:46,410 --> 00:11:50,770 Now, if I do a "net user trainer," without any other 302 00:11:50,770 --> 00:11:54,490 options here, except for typing correctly, then we'll 303 00:11:54,490 --> 00:11:57,140 see that I'm been able to confirm that I have indeed 304 00:11:57,140 --> 00:11:59,980 added to the local Administrators security group, 305 00:11:59,980 --> 00:12:01,490 as well as it's already by default 306 00:12:01,490 --> 00:12:03,300 anyway member of Users. 307 00:12:03,300 --> 00:12:06,516 But we see we're successful in creating this account now. 308 00:12:06,516 --> 00:12:09,190 Now, the next thing I want to show you here is SConfig. 309 00:12:09,190 --> 00:12:11,330 And this is something I really, really like for 310 00:12:11,330 --> 00:12:13,210 configuring these servers. 311 00:12:13,210 --> 00:12:15,780 Let me go back and close the console there. 312 00:12:15,780 --> 00:12:19,370 And then, let me go back to this VMC Nugget 02. 313 00:12:19,370 --> 00:12:21,890 And I'm going to go back to the baseline, which has no 314 00:12:21,890 --> 00:12:23,500 configuration to it. 315 00:12:23,500 --> 00:12:25,750 So I'm going to right click on this and choose Apply. 316 00:12:25,750 --> 00:12:29,650 Now, what am I doing when I do this, by clicking Apply here? 317 00:12:29,650 --> 00:12:31,670 What happens is, it started off this way. 318 00:12:31,670 --> 00:12:34,040 And then time went by, and I was configuring this, and I 319 00:12:34,040 --> 00:12:36,890 was configuring that, and I changed the IP address, and I 320 00:12:36,890 --> 00:12:38,830 changed the computer name, and so on. 321 00:12:38,830 --> 00:12:42,160 Well, I can go back to a previous point in time. 322 00:12:42,160 --> 00:12:43,180 That's my baseline here. 323 00:12:43,180 --> 00:12:46,030 I recommend that you create a baseline of your virtual 324 00:12:46,030 --> 00:12:48,680 machines, so that if you need to get back to a known good 325 00:12:48,680 --> 00:12:51,680 situation with that machine, then you can do so. 326 00:12:51,680 --> 00:12:54,390 This has no configuration of any kind on it. 327 00:12:54,390 --> 00:12:57,790 And now I'm going to go ahead and just actually start this 328 00:12:57,790 --> 00:12:59,830 virtual machine. 329 00:12:59,830 --> 00:13:02,250 So I'll go over here and click Start, and then I'll go ahead 330 00:13:02,250 --> 00:13:03,480 and open it up. 331 00:13:03,480 --> 00:13:05,020 Now, the next thing I want to show you, though, while this 332 00:13:05,020 --> 00:13:10,360 is happening, is I want to talk to about how we can use 333 00:13:10,360 --> 00:13:13,920 SConfig to more easily configure your servers. 334 00:13:13,920 --> 00:13:15,990 This is just a message saying that although I clicked in the 335 00:13:15,990 --> 00:13:19,000 window, the mouse driver hadn't loaded yet, and so it 336 00:13:19,000 --> 00:13:22,050 didn't really do anything for me at that point. 337 00:13:22,050 --> 00:13:23,760 All right, so now I've rebooted this computer. 338 00:13:23,760 --> 00:13:28,240 And if I do a few things here, like a "hostname," you'll see 339 00:13:28,240 --> 00:13:31,180 that it's back to whatever the default name was that it came 340 00:13:31,180 --> 00:13:33,760 up with when it renamed this during installation. 341 00:13:33,760 --> 00:13:38,040 And then I do an "ipconfig." You see I've got just my old 342 00:13:38,040 --> 00:13:40,390 DHCP assigned IP address there. 343 00:13:40,390 --> 00:13:43,020 So there's nothing configured on this machine. 344 00:13:43,020 --> 00:13:45,800 But one of the coolest tools you can use besides NetShell 345 00:13:45,800 --> 00:13:49,650 and Netdom and others would be to use SConfig. 346 00:13:49,650 --> 00:13:53,200 This actually came out with Server 2008 R2. 347 00:13:53,200 --> 00:13:54,740 And it does a lot of the same things. 348 00:13:54,740 --> 00:13:56,610 It's just that it does it through a menu system, which 349 00:13:56,610 --> 00:13:58,100 is much easier to work with. 350 00:13:58,100 --> 00:14:00,550 For example, the computer name item here, let's start with 351 00:14:00,550 --> 00:14:01,760 that one, number two. 352 00:14:01,760 --> 00:14:03,630 So press the number 2 and press Enter. 353 00:14:03,630 --> 00:14:05,410 And then it asks you for the new computer name, which I 354 00:14:05,410 --> 00:14:09,350 want to be "VMCNugget02," and press Enter. 355 00:14:09,350 --> 00:14:10,740 It says you must restart. 356 00:14:10,740 --> 00:14:11,570 Do you want to do this now? 357 00:14:11,570 --> 00:14:13,570 No, I don't want to do that now. 358 00:14:13,570 --> 00:14:15,580 How about joining it to a domain or work group? 359 00:14:15,580 --> 00:14:17,780 I'll enter in 1 to join it to a domain. 360 00:14:17,780 --> 00:14:21,880 I'll press D for domain, the name of the domain. 361 00:14:21,880 --> 00:14:24,340 It may bark at me because I don't actually have that 362 00:14:24,340 --> 00:14:24,910 domain yet. 363 00:14:24,910 --> 00:14:29,210 But I would specify the name of the domain and the user, 364 00:14:29,210 --> 00:14:33,290 and the password, if it's associated, 365 00:14:33,290 --> 00:14:34,970 something like this. 366 00:14:34,970 --> 00:14:38,610 And then as I said, it doesn't actually have that domain up 367 00:14:38,610 --> 00:14:39,140 and running yet. 368 00:14:39,140 --> 00:14:41,130 We're going to do that in an upcoming Nugget. 369 00:14:41,130 --> 00:14:44,370 Then what we would do here is we can also configure remote 370 00:14:44,370 --> 00:14:44,645 management. 371 00:14:44,645 --> 00:14:47,580 Now, I actually did do that configuration so that I could 372 00:14:47,580 --> 00:14:50,170 show some things remotely, just in case I wanted to. 373 00:14:50,170 --> 00:14:52,700 But if I didn't, I could choose number 4, and then 374 00:14:52,700 --> 00:14:55,670 choose enable, disable, or configure the 375 00:14:55,670 --> 00:14:57,110 server response to ping. 376 00:14:57,110 --> 00:14:59,380 Now, this is something that's actually pretty interesting. 377 00:14:59,380 --> 00:15:00,860 Let me show you what I mean by that. 378 00:15:00,860 --> 00:15:02,480 Let me open up a command prompt in 379 00:15:02,480 --> 00:15:03,400 another machine here. 380 00:15:03,400 --> 00:15:05,300 I'm going to drag the command prompt over here. 381 00:15:05,300 --> 00:15:06,600 This is actually command prompt from 382 00:15:06,600 --> 00:15:09,170 my Windows 7 computer. 383 00:15:09,170 --> 00:15:13,310 But if I try to ping 10.10.10.40 right now, I'm not 384 00:15:13,310 --> 00:15:14,220 going to get anything. 385 00:15:14,220 --> 00:15:17,510 Now, we know that the IP address of this machine over 386 00:15:17,510 --> 00:15:20,410 here is .40, because we saw that earlier. 387 00:15:20,410 --> 00:15:22,470 So why am I not getting a ping response back? 388 00:15:22,470 --> 00:15:24,950 If you're not familiar with ping, it's a good way to test 389 00:15:24,950 --> 00:15:27,950 network connectivity to a destination. 390 00:15:27,950 --> 00:15:30,060 This would fool me into thinking-- 391 00:15:30,060 --> 00:15:31,710 just by looking at this, this would fool me into thinking, 392 00:15:31,710 --> 00:15:34,200 oh no, that machine's down, because I'm not getting any 393 00:15:34,200 --> 00:15:35,500 answers back. 394 00:15:35,500 --> 00:15:38,610 But what we can do is to enable it to respond to ping, 395 00:15:38,610 --> 00:15:39,910 because right now, the firewall 396 00:15:39,910 --> 00:15:41,430 actually prevents that. 397 00:15:41,430 --> 00:15:44,900 So I can configure response to ping, allow machine to ping 398 00:15:44,900 --> 00:15:46,550 this server, yes. 399 00:15:46,550 --> 00:15:51,540 Now when I go back up here, I can run this again. 400 00:15:51,540 --> 00:15:54,210 And now we can see that we can get replies back to it. 401 00:15:54,210 --> 00:15:57,070 So it's a great way to test it, not a lot of security 402 00:15:57,070 --> 00:16:01,330 vulnerability in allowing ping, unless you are concerned 403 00:16:01,330 --> 00:16:04,820 about getting a flurry of pings in some kind of a denial 404 00:16:04,820 --> 00:16:05,630 of service attack. 405 00:16:05,630 --> 00:16:08,070 But there's a lot of things in place nowadays, both in 406 00:16:08,070 --> 00:16:11,020 networking equipment, as well as the operating system, that 407 00:16:11,020 --> 00:16:15,620 can detect that kind of an attack, and stop it short. 408 00:16:15,620 --> 00:16:16,520 OK, let's see what else we've got. 409 00:16:16,520 --> 00:16:17,850 I'm going to return to the main menu by 410 00:16:17,850 --> 00:16:18,960 pressing number 4. 411 00:16:18,960 --> 00:16:20,830 And I think you can probably figure out how to use this 412 00:16:20,830 --> 00:16:23,090 whole interface, so I'm not going to elaborate an awful 413 00:16:23,090 --> 00:16:27,110 lot on it, other than to also point you to Network 414 00:16:27,110 --> 00:16:28,660 Settings, number 8. 415 00:16:28,660 --> 00:16:33,460 And you can see here that my IP address is now 10.10.10.40. 416 00:16:33,460 --> 00:16:35,530 And I can select the network adapter, which would be number 417 00:16:35,530 --> 00:16:37,500 10, to change that. 418 00:16:37,500 --> 00:16:39,150 You can see that was 10, because that's what 419 00:16:39,150 --> 00:16:40,350 I entered in here. 420 00:16:40,350 --> 00:16:42,650 And then what I would want to do now is to set the network 421 00:16:42,650 --> 00:16:44,640 adapter address. 422 00:16:44,640 --> 00:16:48,570 And I could set it up as a static address, in 10.10.10.-- 423 00:16:48,570 --> 00:16:49,740 oh, I don't even remember what I gave this one-- 424 00:16:49,740 --> 00:16:51,770 82, maybe, something like that-- 425 00:16:51,770 --> 00:16:55,100 and then my subnet mask, class C subnet mask. 426 00:16:55,100 --> 00:16:57,930 We'll talk more about IP addresses and subnet masks and 427 00:16:57,930 --> 00:17:00,530 default gateways and things like that at a later point in 428 00:17:00,530 --> 00:17:03,510 time, but just in brief this home identified on the network 429 00:17:03,510 --> 00:17:04,810 by IP address. 430 00:17:04,810 --> 00:17:08,400 This is something that will help to identify which network 431 00:17:08,400 --> 00:17:09,390 segment I'm on. 432 00:17:09,390 --> 00:17:12,690 This will configure where network traffic goes when I'm 433 00:17:12,690 --> 00:17:16,180 trying to find a host that's not on my own same network. 434 00:17:16,180 --> 00:17:18,300 And then that's pretty much it for that part. 435 00:17:18,300 --> 00:17:21,180 The next thing I could do then is to set the DNS server. 436 00:17:21,180 --> 00:17:22,950 Of course, we want to do that as well. 437 00:17:22,950 --> 00:17:26,780 So I'll enter in the new preferred DNS server. 438 00:17:26,780 --> 00:17:30,150 And that will just be an IP address, 10.10.10.-- 439 00:17:30,150 --> 00:17:32,060 I think I have one at 70. 440 00:17:32,060 --> 00:17:34,830 So then it tells me my preferred DNS server is set. 441 00:17:34,830 --> 00:17:37,930 And if I have an alternate, I can do that as well. 442 00:17:37,930 --> 00:17:41,100 So I'll enter in the alternate DNS server. 443 00:17:41,100 --> 00:17:42,300 And that's pretty much it. 444 00:17:42,300 --> 00:17:44,690 Now what I could do is just return to the main menu. 445 00:17:44,690 --> 00:17:47,280 And I could actually then exit this as well, so I'll get to a 446 00:17:47,280 --> 00:17:50,860 command line, and I'll do an "ip config all." And we'll see 447 00:17:50,860 --> 00:17:53,560 that we were able to successfully configure all of 448 00:17:53,560 --> 00:17:57,080 those things-- the DNS, the subnet mask, the IP address, 449 00:17:57,080 --> 00:17:59,290 the default gateway, all those things. 450 00:17:59,290 --> 00:18:01,930 The name of the host has not changed yet, because I haven't 451 00:18:01,930 --> 00:18:02,680 rebooted it. 452 00:18:02,680 --> 00:18:05,300 But otherwise, using SConfig is a great 453 00:18:05,300 --> 00:18:06,780 way to go, very intuitive. 454 00:18:06,780 --> 00:18:09,110 You don't have to worry about typos for the most part. 455 00:18:09,110 --> 00:18:12,890 And I strongly recommend it for new configurations of your 456 00:18:12,890 --> 00:18:15,370 core machine. 457 00:18:15,370 --> 00:18:18,270 I talked to you in previous times here about remotely 458 00:18:18,270 --> 00:18:21,450 connecting to a core machine using the MMC console. 459 00:18:21,450 --> 00:18:23,450 This can be done through Remote Server Administration 460 00:18:23,450 --> 00:18:29,300 Tools in Windows 8, or in Windows Server 2012 from a 461 00:18:29,300 --> 00:18:30,980 full GUI machine. 462 00:18:30,980 --> 00:18:34,230 But I need to open up the firewall in order to allow 463 00:18:34,230 --> 00:18:34,830 that to happen. 464 00:18:34,830 --> 00:18:37,500 Otherwise, the firewall that's turned on by default will 465 00:18:37,500 --> 00:18:40,290 block the request to remotely administer. 466 00:18:40,290 --> 00:18:41,290 So here's what I would do. 467 00:18:41,290 --> 00:18:44,590 I would do a "netsh advfirewall firewall set rule 468 00:18:44,590 --> 00:18:47,640 group=," quotations "remote administration"-- 469 00:18:47,640 --> 00:18:49,440 quotes because of the space there-- 470 00:18:49,440 --> 00:18:52,490 and then "new enable=yes." So that's how we 471 00:18:52,490 --> 00:18:53,500 would enable that. 472 00:18:53,500 --> 00:18:55,050 Now, I'm not going to actually turn that one on quite yet, 473 00:18:55,050 --> 00:18:56,650 but I do want to show you another thing you might want 474 00:18:56,650 --> 00:18:59,060 to do in some instances. 475 00:18:59,060 --> 00:19:01,150 This would be the case if, number one, you have a third 476 00:19:01,150 --> 00:19:02,000 party firewall-- 477 00:19:02,000 --> 00:19:03,170 software firewall-- 478 00:19:03,170 --> 00:19:05,550 that you're using instead of Microsoft's own firewall. 479 00:19:05,550 --> 00:19:07,540 Normally, when you install those, it will disable the 480 00:19:07,540 --> 00:19:10,830 Microsoft firewall, and it will enable its own firewall. 481 00:19:10,830 --> 00:19:14,190 But if for some reason the Microsoft firewall has gotten 482 00:19:14,190 --> 00:19:17,430 turned back on again, then it could cause a conflict and 483 00:19:17,430 --> 00:19:21,020 some problems by having two firewalls on simultaneously. 484 00:19:21,020 --> 00:19:23,600 So I might want to disable the Windows 485 00:19:23,600 --> 00:19:24,460 Firewall for that reason. 486 00:19:24,460 --> 00:19:26,500 The other one would be, maybe you're in an initial 487 00:19:26,500 --> 00:19:29,240 configuration state, kind of like how we are right here, 488 00:19:29,240 --> 00:19:31,310 and we need to do a lot of things that use kind of weird 489 00:19:31,310 --> 00:19:33,245 ports over the network or something like that, maybe to 490 00:19:33,245 --> 00:19:36,160 install some network applications, stuff like that. 491 00:19:36,160 --> 00:19:38,170 Well, if that's the case, you might want to just disable the 492 00:19:38,170 --> 00:19:41,450 firewall entirely, only temporarily, and only if 493 00:19:41,450 --> 00:19:42,810 you're in a secure environment. 494 00:19:42,810 --> 00:19:45,960 Maybe I have a hardware firewall that already serves 495 00:19:45,960 --> 00:19:48,440 that purpose for me for the firewall. 496 00:19:48,440 --> 00:19:50,580 So in those types of situations, you could do a 497 00:19:50,580 --> 00:19:56,270 "netsh," and then an "advfirewall." And then "set 498 00:19:56,270 --> 00:20:01,540 allprofiles state," and then "off." And then we would have 499 00:20:01,540 --> 00:20:02,730 disabled the firewall. 500 00:20:02,730 --> 00:20:05,840 Now, let me show you how I could take advantage of that 501 00:20:05,840 --> 00:20:08,050 now by remote administration. 502 00:20:08,050 --> 00:20:11,720 So for example, here I'm remotely connected to-- 503 00:20:11,720 --> 00:20:13,560 actually, I'm locally connected to Computer 504 00:20:13,560 --> 00:20:14,380 Management. 505 00:20:14,380 --> 00:20:16,940 But I want to be remotely connected, by connecting to 506 00:20:16,940 --> 00:20:18,890 another computer with a right click here. 507 00:20:18,890 --> 00:20:21,790 And then I would just enter in the IP address of that host, 508 00:20:21,790 --> 00:20:23,310 10.10.10.82. 509 00:20:23,310 --> 00:20:25,920 And now you can see I'm remotely connected to all of 510 00:20:25,920 --> 00:20:28,740 those tools, and then could do whatever I needed to, whether 511 00:20:28,740 --> 00:20:31,640 it's to adjust disk space, or look at event logs, or 512 00:20:31,640 --> 00:20:33,690 something like that. 513 00:20:33,690 --> 00:20:36,090 And then one other thing you could do here is if you want 514 00:20:36,090 --> 00:20:38,540 to reset everything back to the initial configurations. 515 00:20:38,540 --> 00:20:41,130 Kind of tough to follow what's going on in the firewall if 516 00:20:41,130 --> 00:20:43,770 you're working strictly from a command prompt here. 517 00:20:43,770 --> 00:20:45,780 So if you need to reset everything, you can do a 518 00:20:45,780 --> 00:20:47,250 "netsh advfirewall"-- 519 00:20:47,250 --> 00:20:51,890 520 00:20:51,890 --> 00:20:52,610 it must be getting late. 521 00:20:52,610 --> 00:20:55,880 My typing skills are going all down south here. 522 00:20:55,880 --> 00:20:59,480 So "netsh advfirewall reset," and then we're OK again. 523 00:20:59,480 --> 00:21:01,360 So that should take us back to the 524 00:21:01,360 --> 00:21:04,660 out-of-the-box firewall settings. 525 00:21:04,660 --> 00:21:07,460 In this Nugget, we talked about configuring Server Core. 526 00:21:07,460 --> 00:21:09,810 Now, this is a very important Nugget, because a lot of your 527 00:21:09,810 --> 00:21:12,810 servers right now are going to be Server Core machines. 528 00:21:12,810 --> 00:21:15,080 So you need to know how to administer them and how to 529 00:21:15,080 --> 00:21:16,450 remotely administer them. 530 00:21:16,450 --> 00:21:19,520 We showed you how to configure them locally using a command 531 00:21:19,520 --> 00:21:22,370 prompt or SConfig. 532 00:21:22,370 --> 00:21:25,220 And we also took a look at other things, such as opening 533 00:21:25,220 --> 00:21:28,330 up the firewall, since you could use remote consoles. 534 00:21:28,330 --> 00:21:30,260 Well, I hope this has been informative for you, and I'd 535 00:21:30,260 --> 00:21:31,510 like to thank you for viewing. 536 00:21:31,510 --> 00:21:32,798