Monday, October 29, 2012

Using RSAT to switch between the GUI and CUI of Windows Server 2012

Windows Server 2012 introduces the ability to change between the Graphical User Interface (GUI) and the Character User Interface (CUI). There are different ways in which you can do this. Of course you can use PowerShell to add and remove the features to go between Core and Full installation.

We will use the Remote Server and Administration Tool (RSAT) for Windows 8 to add and remove the GUI and CUI. To do this first install a Windows Server 2012 machine and promote it to a domain controller with all of the proper configurations and prerequisites already taken into measure. (It does not need to be a DC in your lab environment.)

The next step is to join a Windows 8 client to the Domain and then install the RSAT tool which can be downloaded by clicking here. By default all Roles, Features and Server Manager are enabled in the Windows 8 RSAT as shown below.

Our next step is to open Server Manager from the Windows 8 Client and add other servers to manage.

 Select the DC to manage to import the server and its roles and features to manage.

Our next step is to remove a role and feature to the DC. Remember we started out with a full installation of Server 2012. Click Manage at the top of the Dashboard and select remove Roles and Features.


Click Next twice and Select the DC as this is the server where you want to deploy or remove roles and features from.

Click Next to arrive at the remove features page of the wizard. Scroll down to the User Interfaces and Infrastructure Option. Uncheck both the  Server Graphical Interface and Graphical Management Tools and Infrastructure to turn the Server into the Character User Interface (CUI) also known as Server Core.

Click Next to confirm the removal of the features and check the box at the stop to restart the server once done.

Click remove and the process will start to remove the Graphical User Interface (GUI) from the server. Upon login you will be greeted with Character User Interface (CUI).

To add the Graphical User Interface (GUI) back to the server from the Windows 8 Client select add Roles and Features and head to the add features page of the wizard and check the boxes under the User Interface and Infrastructure.

By: Adnan Cartwright

Tuesday, August 7, 2012

Installing Active Directory on Windows Server 2012 Core

Microsoft has indeed made installing roles and features a great ease. To install Active Directory on Serve Core 2012 we must first configure the server to promote it to a domain by using the sconfig command.

The next step is to prepare our unattended file for Active Directory.

Our next step is run the unattended file to install Active Directory and DNS.

The Active Directory installation will run and install DNS.

As the installation runs normal Active Directory install and securing will take place.

Once completed depending on your unattended file the system will reboot if yes was selected in your answer file.

Once restarted the next step is to enable remote management to manage the Server Core from your Windows 8 Client. Using the sconfig command enter the remote management option by pressing 4 and then 1 to enable remote management.

To manage Active Directory from your Windows 8 client the next step is first join the Windows 8 client to the domain then install the Remote Server and Administration Tool (RSAT) for Windows 8. RSAT for Windows can be downloaded here.

Once RSAT is installed. Depending on your network needs you can turn on and off features to manage from your Windows 8 Client. By default all RSAT features are turned on for server roles and features.

From the Start UI you can now access Server Manager and Administrative Tools to manage your network.

In Server Manager select manage then add the server you would like to manage.

Once the server is added that you would like to manage. Select tools to choose the role or feature you would like to manage.

Now you can manage and configure Active Directory on Server Core 2012 from your Windows 8 Client.

PowerShell Configuration Added

Another way we can install Active Directory on Windows Server 2012 Core is using PowerShell. As you can see this server is still a non-domain server and apart of a workgroup.

Exit back to the command prompt by selecting 15 from the menu. From the command prompt type PowerShell to switch to PowerShell mode.

While in PowerShell Mode type Install-WindowsFeature AD-Domain-Services -IncludeManagementTools The binaries for Active Directory and perquisites will be installed as seen below.

With the installation now finished. We can add our AD Forest to the server to complete our AD install on Server 2012 Core. The yellow message below warns me that I did not check for any Windows Updates. Not needed for this demo but is best practice in production.

Next we will need to type the PowerShell command Install-ADDSForest -DomainName (enter your domain name here and remove brackets). In this case we will use CORP.FISG.LOCAL. So the PowerShell command I will use to add a forest will be Install-ADDSForest -DomainName CORP.FISG.LOCAL

Once the command is ran you will be prompted to add a SafeAdminPassword which is used for Active Directory Recovery. Put the password in and confirm it.

Once done you will get the final message that states that the target server will be configured as a Domain Controller. Select Yes to all and the promotion will take place as seen below.

You have now successfully configured your Server Core 2012 machine as a Domain Controller as seen below.

Happy Server Administrating. If you need to download Server resources or if you would like to try this lab in Azure visit:

For Server Downloads -

For a free trial of Windows Azure -

By: Adnan Cartwright

Wednesday, February 15, 2012

Configuring and optimizing SharePoint 2010 Search

Microsoft SharePoint has had a search engine since its first iteration, but SharePoint 2010 search is disabled by default.

SharePoint administrators are now faced with the challenge of activating search functions. Here are the steps necessary to enable SharePoint 2010 searches and optimize the indexing process. This advice assumes the use of SharePoint 2010 Standard or Enterprise Edition.

1. Create a SharePoint Search Service application
You must create a search service application to make SharePoint 2010 searchable. To begin, log on as an administrator and open the Central Administration console.

Next, click the Application Management link, then the Manage Service Applicationslink. On the next page, click the New icon and choose the Search Service Applicationoption (Figure 1).

Figure 1. Select the Search Service Application option in SharePoint 2010.

You will now see the Create New Search Service Application page (Figure 2). Name the search service application. We’re not using FAST search, so set the FAST Service Application option to None.

Figure 2. Give your new SharePoint 2010 service application some parameters.

Next, select a service account your SharePoint 2010 search service application can use. SharePoint 2010 is configured to use the Network Service account by default, but you can also provide a dedicated account by clicking the Register New Managed Account link.

Note: Later in this tip, you’ll see that you must perform several steps in order to give the service account the necessary permissions. These steps are required regardless of whether you use the network service account or a dedicated service account.

2. Create a SharePoint 2010 application pool
Now that you’ve created a new search service application, you must link it to an application pool. While you can link the application to an existing application pool, you’re better off creating a dedicated application pool to isolate the search service application from your other Web applications.

You can create an application pool directly through the dialog box shown in Figure 2 by selecting the Create New Application Pool option and naming it. You must now provide a service account for the new application pool.

Once again, you can use the network service account or a dedicated account. If you use a dedicated account, select the Configurable option and select the account you want to use. If the service account is not listed, click the Register New Managed Account link and follow the prompts.

It’s also smart to create a dedicated application pool for the Search Query and Site Settings Web Service. This is accomplished in the same dialog box you have been working in, and the procedure is identical to the one described in the previous paragraph. After entering the application pool data, click OK to create the new search service application. Once the application is ready, click OK.

3. Assign the necessary permissions
Now that you’ve created the search service application, be certain the service accounts you specified have the necessary permissions. The Central Administration console displays a list of all of the service applications. Scroll through the list until you locate the User Profile Service Application. Select it, then click on the Administrators icon in the ribbon (Figure 3).

Figure 3. Click on the Administrators icon in the SharePoint 2010 ribbon.

When the Administrators for User Profile Service Application dialog box appears, add the service account to the list of administrators. If you’re using the Network Service account, it should be listed by default. Select the Retrieve People Data for Search Crawler checkbox, then click OK (Figure 4).

Figure 4. Select the Retrieve People Data for Search Crawlers check box in SharePoint 2010.

You must also make certain that your service accounts have read permissions for your SharePoint 2010 site and the other sites you want to crawl. If you don’t, the search application cannot index site content. To do so, click the Application Management link, then the Manage Web Applications link. Select the SharePoint – 80 Web application and click the User Policy icon in the ribbon (Figure 5).

Figure 5. Select the SharePoint 2010 site you want to search and click the User Policy icon.

When the User Policy for Web Applications dialog box appears, make sure your service account has Full Read permissions (Figure 6). This will happen automatically if you chose the local service account, but if you chose to use a dedicated service account, you must add it to the list.

Figure 6. Your SharePoint 2010 service account must have Full Read permissions whether you use a local or dedicated service account.

4. Set your crawling options
Now that you’ve created the necessary service account, configure your crawling options. Click on the Application Management link, then the Manage Service Applications link. Click on the SharePoint 2010 service application you created earlier to access the administration page (Figure 7).

Figure 7. The SharePoint 2010 Search Administration page contains links to numerous search options.

Now, specify which sources to crawl. To do so, provide SharePoint with enough information so that all the user data will be crawled. But also consider whether anything should be omitted. Specifying excessive crawl sources can bog down the crawler, which increases the odds that SharePoint 2010 returns irrelevant search results.

To specify content sources, click on the Content Sources link. The Local SharePoint site is listed as a crawl source by default. However, you can use the New Content Source option to add additional URLs to crawl.

After creating a new content source, SharePoint 2010 gives the option to set a schedule for both full crawls and incremental crawls (Figure 8). You can also set a priority for the content source. These options help minimize the impact the crawling process has on the server while simultaneously giving priority to your most important content sources.

Figure 8. You can set schedules and priorities for SharePoint 2010 crawling content sources.

After specifying the crawl sources, take a look at the File Types option (Figure 9). This lets you specify which types of files to be indexed during the crawl. You can improve the crawler’s performance and search-result relevancy by omitting unnecessary file types.

Figure 9. Control which file types to crawl in SharePoint 2010.

If you notice degradation in performance on your SharePoint site, you can create Crawler Impact Rules to limit the impact of the indexing process. Crawler Impact Rules control the number of simultaneous requests the crawler makes against the site. You can also force the crawler to index one document at a time and to wait for a specific number of seconds between requests (Figure 10).

Figure 10. Throttle the SharePoint 2010 crawling process with Crawler Impact Rules.

Brien Posey is an eight-time Microsoft MVP with two decades of IT experience. Before becoming a freelance technical writer, Brien worked as a CIO for a national chain of hospitals and healthcare facilities. He has also served as a network administrator for some of the nation’s largest insurance companies and for the Department of Defense at Fort Knox.

Wednesday, January 25, 2012

Using Network Access Protection

Network Access Protection (NAP) has become the standard when protecting your environment. It is not just a policy to restrict infected computers from the network. But a policy to encourage computers to comply with security and health requirement policies and reduce the risk of malware spreading.  Non-compliant clients can be restricted from accessing intranet resources or communicating with compliant computers. Using Network Access Protection (NAP), IT administrators can require client computers to be healthy and comply with corporate health requirement policies. For example, client computers can obtain a full connection to the intranet only if they have recent security updates, anti-malware definitions, and other security settings.

Using NAP requires that NAP-enabled clients submit a health certificate for authentication when creating the initial connection with the Network Policy server. The health certificate contains the computer’s identity and proof of system health compliance. A NAP-enabled client obtains a health certificate by submitting its health state information, either to a Health Registration Authority (HRA) that is located on the Internet, or to an internal HRA server accessible using the infrastructure tunnel.

By using NAP, a non-compliant client computer that becomes infected with malware can still connect to all the specified management servers (for example, DNS, DC, HRA, and remediation servers) through the infrastructure tunnel, but it cannot connect to all other intranet resources. Access to the remediation servers is crucial to remediate the non-compliant state of the client.

The video installation tutorial and lab is available for viewing at

By: Adnan Cartwright

Thursday, January 5, 2012

Some New Features of a Windows 8 Environment

We took a little time in lab to identify some of the new features that are included in the Developer Preview of Windows Server. So we configured a small lab detailed below in Figure 1.

Figure 1

This early release of the new Windows Server looks to be promising. The quick of ease of configuration and navigation was instantly recognized even to our new added IT Professionals. The Server Manager has been outfitted with a new dashboard as show in Figure 2.

Figure 2

Server Manager is where Network Administrators will be spending most of their time when installing, configuring and evaluating a network. So what’s new in Server Manager and why the big hype? For starters you can perform tasks on multiple servers at one time, deploy roles and features remotely, get current status of your servers and roles and add remote servers and create custom server groups. Giving an Admin more control over the environment that they are managing.
Adding a role in the Developers Preview of Server can be easily navigated even if you have never used Server 2008 or Server 2008 R2 before. There is now a pool that identifies the servers on your networks that you have added. As you can see in Figure 3 we have only our PDC ready to go so far.
Figure 3

The same lists of roles are readily available with the Volume Activation Service and Remote Desktop Services newly added. Figure 4 shows an outline of available roles to install in this release.
Figure 4

The features that are now available are numerous and too many to mention. Seeing is believing and pictures are worth more than a thousand words. Figure 5 and 6 shows the complete list of features.

Figure 5

Figure 6

The installation and straight forward and once completed the role that has been installed needs to be configured. The ease of the navigation we just could not get over. The walkthrough is so easy that a newbie to Active Directory Domain Services. We are still eager to know what functionality does the Windows Server 8 functional level bring and will keep you posted. The best practices analyzer (BPA) has been added to the role installation wizard. The job of this tool is to verify that all necessary and required components are met before the role goes on to be installed. If this feature is kept in the final version it will prove to be a valuable asset to ensure that roles are setup and configured correctly. Figure 7 shows the prerequisite check for the install for Active Directory.

Figure 7

Installing a role from any server to any server is indeed a new nice feature. Given the Server Core installations in a branch office. The addition and removal of roles can be done once the servers of choice have been added to the server manager group. This feature will indeed prove to be very helpful when managing different boxes. At the time of this review only Windows Developer computers were able to utilize this feature. Server 2008 R2 and below cannot. I am hoping that they add it to final version. Figure 8-11 shows DC1 preparing MEM1 for role install and completion.

Figure 8

Figure 9

Figure 10

Figure 11

As seen in Figure 11. The post installation of a role can be done from the remote computer. And Figure 12 shows the final result on Mem1 with DHCP and NPS ready to go.

Figure 12

So far we can expect some great new features to make our admin job a little less stressful and more productive. Be sure to be on the lookout for Window Server Developer Preview NAP enforcement of a Windows 8 client.

By Adnan Cartwright
Florida IT Server Group