Server Core Install

Discover how Pleasant Password Server will enhance KeePass for business

Here are steps, tools, and resources which will help you prepare and manage Windows Server Core, that is, a Windows Server without "Desktop Experience".

Pleasant Password Server can be administered primarily through a Web interface, making it a prime candidate for installing & running on "Server Core".

Applies to Installations on:

• Windows Server Standard
• Windows Server Datacenter

Sections:

• Benefits & Drawbacks
• Configuring Windows Server Core
• Install Password Server
• Change the Certificate, Port, or Database
• Tools and Methods of Administering Server Core
• References

1. Have Questions?  Contact Us!

Benefits & Drawbacks

Benefits to using Server Core are:

• Reduced attack surface & improved application security environment
• Reduced maintenance & management requirements
• Reduced disk space & memory usage

However, the edition is limited:

• Minimal environment, no graphical user interface (GUI),
• Graphical applications are not supported,
• Only a clean, new installation of Windows Server Core is possible (i.e. cannot upgrade from a previous Windows version)

For more info: see What is Server Core installation option in Window Server

Configuring Windows Server Core

Step 1: Enable Windows Remote Management

• Confirm that WinRM is configured:
  
  • Winrm quickconfig
• If WinRM (Windows Remote Management) is not installed you will be asked to configure it:
  
  • Enable-PSRemoting

Step 2: Get Windows PowerShell Update

• If you use a WSUS server, skip this step.
• Download PSWindowsUpdate.zip file 

Invoke-WebRequest `
https://gallery.technet.microsoft.com/scriptcenter/2d191bcd-3308-4edd-9de2-88dff796b0bc/file/41459/47/PSWindowsUpdate.zip `
-UseBasicParsing -OutFile C:\Windows\System32\Windows\PowerShell\1.0\Modules\PSWindowsUpdate.zip 

cd C:\Windows\System32\Windows\PowerShell\1.0\Modules 
Expand-Archive PSWindowsUpdate.zip `
-DestinationPath C:\Windows\System32\Windows\PowerShell\1.0\Modules

Step 3: Register & Run Microsoft Updates

• Register Microsoft Update Service:
  • Add-WUServiceManager -ServiceID 7971f918-a847-4430-9279-4a52d1efe18d
• Run updates from the Microsoft Update Servers, accept all updates, and auto reboot:
  • Get-WUInstall –MicrosoftUpdate –AcceptAll –AutoReboot

Step 4: Set Power Plan to High Performance

• Set Power Plan to High Performance:

Try {
    $HighPerf = powercfg -l | %{if($_.contains("High performance")) {$_.split()[3]}}
    $CurrPlan = $(powercfg -getactivescheme).split()[3]    
    if ($CurrPlan -ne $HighPerf)    
    {
        powercfg -setactive $HighPerf    
    }
} Catch
{       
    Write-Warning -Message "Unable to set power plan to high performance"
}

Step 5: Set TimeZone

• Check the current timezone:
  
  • Get-TimeZone | Select Id
• Display all possible timezones (Display name / ID):
  
  • tzutil /l
• Set the Time Zone Id (for example, for EST):
  • Set-TimeZone US Eastern Standard Time

Step 6: Reduce boot delay

• Change time to display OS from 30 seconds to 5:
  • bcdedit /timeout 5

Step 7: Disable IPv6

• This step is optional, and may be beneficial for some customers towards resolving some strange settings behaviours.

New-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\" `
-Name "DisabledComponents" -Value 0xffffffff -PropertyType "DWord"

Install Password Server

From here, we will use PowerShell to run the executable and launch the installation gui, and can even click through through prompts as usual.

Step 8: Download & Install Pleasant Password Server

Download from one of the following version streams:

Invoke-WebRequest `
https://downloads.pleasantsolutions.com/package/b6ef48b6-658c-43f6-8cd0-f2392ed769e9/ `
PasswordServerStable/Current/PleasantPassServer.exe -UseBasicParsing -OutFile `
C:\PleasantPassServer.exe

Invoke-WebRequest `
https://downloads.pleasantsolutions.com/package/3f1c8809-2099-4237-8337-abd36006d111/ `
PasswordServer/Current/PleasantPassServer.exe -UseBasicParsing -OutFile `
C:\PleasantPassServer.exe

Step 9: Login from another machine

• Configuration of Pleasant Password Server can be completed on another machine via the web interface.
• Login to your servername:
  
  • https://ServerName:10001
     

1. Have Questions?  Contact Us!

Change the Certificate, Port, or Database

• Service Config utility:
  • Use the Service config utility to change:
    • Database
    • Connection string & Encryption Key
    • Port
  • "C:\Program Files (x86)\Pleasant Solutions\Pleasant Password Server\PassMan.ServiceConfiguration.exe"

• Change Certificate:
  • Change Certificates by using PowerShell commands:  

    • PowerShell commands to change Certificates

  • Upload your certificate to the certificate store to this location:

    • Computer\Personal\Certificates

  • Change these certificate values via PowerShell or the Registry (see below)

    • CertificateName
    • StoreLocation
    • StoreName

Here is a list of registry keys:

• Registry Settings:

[HKEY_LOCAL_MACHINE\Software\Pleasant Solutions\PasswordManager] 
"Port"="10001"
"DatabaseProvider"="SQLite"
"CertificateName"="PasswordServer_Temporary_Placeholder_Certificate"
"StoreName"="My"
"StoreLocation"="LocalMachine"

Tools and Methods of Administering Server Core

• Windows PowerShell cmdlets:

  • Server Core doesn't have a UI, so you need to use Windows PowerShell cmdlets, command line tools, or remote tools to perform basic administration tasks.

• Windows Admin Center:

  • This is a unified management portal that you can use to administer your installation.

• Remote Server Administration Tools (RSAT):

  • These tools can be run on Windows 10 to manage Server Core.

• Server Manager:

  • This is a management console in Windows Server that helps you provision and manage both local and remote Windows-based servers from your desktops.

• Microsoft Management Console (MMC):

  • You can use many MMC snap-ins remotely to manage your Server Core server.

• Remote Desktop Services:

  • You can also manage Server Core remotely with Remote Desktop Services.

References

For better understanding and overview including setup and commands, etc., here are some great references:

• Install, Administration, Commands

  • Administer Server Core | Microsoft Learn

  • Manage Server Core | Microsoft Learn

  • Basic Commands to Configure and Manage Windows Server Core | Microsoft Learn

  • What is Server Core installation option in Window Server | Microsoft Learn

  • Install Server Core | Microsoft Learn

  • Configure Windows Server Core Basic Commands | WOSHub

  Remotely Manage IIS

  • Remote Administration for IIS Manager | Microsoft Learn

  • How to Remotely Manage IIS on Windows Server Core | CoadyTech

  • Manage IIS Remotely on Server Core | StephenWagner

Acknowledgment:

• Thanks go to Todd Pettit from OmniSite for their contribution of instruction steps.