Server Core Install
Discover how Pleasant Password Server will enhance KeePass for business
Here are steps, tools, and resources which will help you prepare and manage Windows Server Core, that is, a Windows Server without "Desktop Experience".
Pleasant Password Server can be administered primarily through a Web interface, making it a prime candidate for installing & running on "Server Core".
Applies to Installations on:
- Windows Server Standard
- Windows Server Datacenter
Sections:
- Benefits & Drawbacks
- Configuring Windows Server Core
- Install Password Server
- Change the Certificate, Port, or Database
- Tools and Methods of Administering Server Core
- References
-
Have Questions? Contact Us!
Benefits & Drawbacks
Benefits to using Server Core are:
- Reduced attack surface & improved application security environment
- Reduced maintenance & management requirements
- Reduced disk space & memory usage
However, the edition is limited:
- Minimal environment, no graphical user interface (GUI),
- Graphical applications are not supported,
- Only a clean, new installation of Windows Server Core is possible (i.e. cannot upgrade from a previous Windows version)
For more info: see What is Server Core installation option in Window Server
Configuring Windows Server Core
Step 1: Enable Windows Remote Management
- Confirm that WinRM is configured:
- Winrm quickconfig
- If WinRM (Windows Remote Management) is not installed you will be asked to configure it:
- Enable-PSRemoting
Step 2: Get Windows PowerShell Update
- If you use a WSUS server, skip this step.
- Download PSWindowsUpdate.zip file
Invoke-WebRequest `
https://gallery.technet.microsoft.com/scriptcenter/2d191bcd-3308-4edd-9de2-88dff796b0bc/file/41459/47/PSWindowsUpdate.zip `
-UseBasicParsing -OutFile C:\Windows\System32\Windows\PowerShell\1.0\Modules\PSWindowsUpdate.zip
- Unzip archive
cd C:\Windows\System32\Windows\PowerShell\1.0\Modules Expand-Archive PSWindowsUpdate.zip `
-DestinationPath C:\Windows\System32\Windows\PowerShell\1.0\Modules
Step 3: Register & Run Microsoft Updates
- Register Microsoft Update Service:
- Add-WUServiceManager -ServiceID 7971f918-a847-4430-9279-4a52d1efe18d
- Run updates from the Microsoft Update Servers, accept all updates, and auto reboot:
- Get-WUInstall –MicrosoftUpdate –AcceptAll –AutoReboot
Step 4: Set Power Plan to High Performance
- Set Power Plan to High Performance:
Try { $HighPerf = powercfg -l | %{if($_.contains("High performance")) {$_.split()[3]}} $CurrPlan = $(powercfg -getactivescheme).split()[3] if ($CurrPlan -ne $HighPerf) { powercfg -setactive $HighPerf } } Catch { Write-Warning -Message "Unable to set power plan to high performance" }
Step 5: Set TimeZone
- Check the current timezone:
- Get-TimeZone | Select Id
- Display all possible timezones (Display name / ID):
- tzutil /l
- Set the Time Zone Id (for example, for EST):
- Set-TimeZone US Eastern Standard Time
Step 6: Reduce boot delay
- Change time to display OS from 30 seconds to 5:
- bcdedit /timeout 5
Step 7: Disable IPv6
- This step is optional, and may be beneficial for some customers towards resolving some strange settings behaviours.
New-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\" `
-Name "DisabledComponents" -Value 0xffffffff -PropertyType "DWord"
Install Password Server
From here, we will use PowerShell to run the executable and launch the installation gui, and can even click through through prompts as usual.
Step 8: Download & Install Pleasant Password Server
Download from one of the following version streams:
- Stable Version:
Invoke-WebRequest `
https://downloads.pleasantsolutions.com/package/b6ef48b6-658c-43f6-8cd0-f2392ed769e9/ `
PasswordServerStable/Current/PleasantPassServer.exe -UseBasicParsing -OutFile `
C:\PleasantPassServer.exe
- Latest Version:
Invoke-WebRequest `
https://downloads.pleasantsolutions.com/package/3f1c8809-2099-4237-8337-abd36006d111/ ` PasswordServer/Current/PleasantPassServer.exe -UseBasicParsing -OutFile `
C:\PleasantPassServer.exe
- Then run the .exe directly :
- C:\PleasantPassServer.exe
- Or run the .exe with switches:
- C:\PleasantPassServer.exe /install /quiet /log C:\log.txt
- Then installation screen will display. Follow the prompts.
Step 9: Login from another machine
- Configuration of Pleasant Password Server can be completed on another machine via the web interface.
- Login to your servername:
- https://ServerName:10001
- https://ServerName:10001
-
Have Questions? Contact Us!
Change the Certificate, Port, or Database
- Service Config utility:
- Use the Service config utility to change:
- Database
- Connection string & Encryption Key
- Port
- "C:\Program Files (x86)\Pleasant Solutions\Pleasant Password Server\PassMan.ServiceConfiguration.exe"
- Use the Service config utility to change:
- Change Certificate:
- Change Certificates by using PowerShell commands:
- Upload your certificate to the certificate store to this location:
-
Computer\Personal\Certificates
-
-
Change these certificate values via PowerShell or the Registry (see below)
- CertificateName
- StoreLocation
- StoreName
Here is a list of registry keys:
-
Registry Settings:
[HKEY_LOCAL_MACHINE\Software\Pleasant Solutions\PasswordManager] "Port"="10001"
"DatabaseProvider"="SQLite"
"CertificateName"="PasswordServer_Temporary_Placeholder_Certificate"
"StoreName"="My"
"StoreLocation"="LocalMachine"
-
Have Questions? Contact Us!
Tools and Methods of Administering Server Core
-
Windows PowerShell cmdlets:
-
Server Core doesn't have a UI, so you need to use Windows PowerShell cmdlets, command line tools, or remote tools to perform basic administration tasks.
-
-
Windows Admin Center:
-
This is a unified management portal that you can use to administer your installation.
-
-
Remote Server Administration Tools (RSAT):
-
These tools can be run on Windows 10 to manage Server Core.
-
-
Server Manager:
-
This is a management console in Windows Server that helps you provision and manage both local and remote Windows-based servers from your desktops.
-
-
Microsoft Management Console (MMC):
-
You can use many MMC snap-ins remotely to manage your Server Core server.
-
-
Remote Desktop Services:
-
You can also manage Server Core remotely with Remote Desktop Services.
-
References
For better understanding and overview including setup and commands, etc., here are some great references:
-
Install, Administration, Commands
-
Basic Commands to Configure and Manage Windows Server Core | Microsoft Learn
-
What is Server Core installation option in Window Server | Microsoft Learn
- Configure Windows Server Core Basic Commands | WOSHub
Remotely Manage IIS
Acknowledgment:
- Thanks go to Todd Pettit from OmniSite for their contribution of instruction steps.