Server Core - Install Preparation Steps

(Windows Server Standard or Windows Server Datacenter)

Here are steps to prepare you for installation on Windows Server Core, that is, editions without "Desktop Experience".

Pleasant Password Server can be administered primarily through a Web interface, making it a prime candidate for installing & running on "Server Core".

Please Note:

  • These steps are provided: because currently the application installer uses a graphical interface
  • Improving these steps are in progress and are provided as-is. (see the acknowledgment at the bottom)
  • Please check back for further updates!
  1.  

  2. Have Questions?  Contact Us!

Benefits & Drawbacks

Benefits to using Server Core are:

  • Reduced attack surface & improved application security environment
  • Reduced maintenance & managment requirements
  • Reduced disk space & memory usage

However, the edition is limited:

  • Minimal environment, no graphical user interface (GUI),
  • Graphical applications are not supported,
  • Only a clean, new installation of Windows Server Core is possible (i.e. cannot upgrade from a previous Windows version)

For more info: see What is Server Core installation option in Window Server

Configuring Windows Server Core

Step 1: Enable Windows Remote Management

  • Confirm that WinRM is configured:
    • Winrm quickconfig
  • If WinRM (Windows Remote Management) is not installed you will be asked to configure it:
    • Enable-PSRemoting

Step 2: Get Windows Powershell Update

  • If you use a WSUS server, skip this step.
  • Download PSWindowsUpdate.zip file
    • Invoke-WebRequest https://gallery.technet.microsoft.com/scriptcenter/2d191bcd-3308-4edd-9de2-88dff796b0bc/file/41459/47/PSWindowsUpdate.zip -UseBasicParsing  -OutFile C:\Windows\System32\WindowsPowerShell\v1.0\Modules\PSWindowsUpdate.zip 
  • Unzip archive
    • cd C:\Windows\System32\WindowsPowerShell\v1.0\Modules
    • Expand-Archive PSWindowsUpdate.zip -DestinationPath C:\Windows\System32\WindowsPowerShell\v1.0\Modules

Step 3: Register & Run Microsoft Updates

  • Register Microsoft Update Service:
    • Add-WUServiceManager -ServiceID 7971f918-a847-4430-9279-4a52d1efe18d
  • Run updates from the Microsoft Update Servers, accept all updates, and auto reboot:
    • Get-WUInstall –MicrosoftUpdate –AcceptAll –AutoReboot

Step 4: Set Power Plan to High Performance

  • Set Power Plan to High Performance:
    • Try {
          $HighPerf = powercfg -l | %{if($_.contains("High performance")) {$_.split()[3]}}    
          $CurrPlan = $(powercfg -getactivescheme).split()[3]    
          if ($CurrPlan -ne $HighPerf)    
          {
              powercfg -setactive $HighPerf    
          }
      } Catch
      {       
          Write-Warning -Message "Unable to set power plan to high performance"
      }

Step 5: Set TimeZone

  • Check the current timezone:
    • Get-TimeZone | Select Id
  • Display all possible timezones (Display name / ID):
    • tzutil /l
  • Set the Time Zone Id (for example, for EST):
    • Set-TimeZone US Eastern Standard Time

Step 6: Reduce boot delay

  • Change time to display OS from 30 seconds to 5:
    • bcdedit /timeout 5

Step 7: Disable IPv6

  • This step is optional, and may be beneficial for some customers towards resolving some strange settings behaviours.
  • New-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\" -Name "DisabledComponents" -Value 0xffffffff -PropertyType "DWord"

Install Password Server

From here, we will use PowerShell to run the executable and launch the installation gui, and can even click through through prompts as usual.

Step 8: Download & Install Pleasand Password Server

  • Download either:
    • Stable Version:
      • Invoke-WebRequest http://downloads.pleasantsolutions.com/package/b6ef48b6-658c-43f6-8cd0-f2392ed769e9/PasswordServerStable/Current/PleasantPassServer.exe
    • Preview Version:
      • Invoke-WebRequest http://downloads.pleasantsolutions.com/package/3f1c8809-2099-4237-8337-abd36006d111/PasswordServer/Current/PleasantPassServer.exe -UseBasicParsing -OutFile C:\PleasantPassServer.exe
  • Run the .exe:
    • C:\PleasantPassServer.exe
  • The installation screen will display. Follow the prompts as usual.

Step 9: Login from another machine

  • Configuration of Pleasant Password Server can be completed on another machine via the web interface.
  • Login to your servername:
  1. Have Questions?  Contact Us!

Optionally: Change the Certificate, Port, or Database

  • These settings can be changed by running the Service Config utility:
    • "C:\Program Files (x86)\Pleasant Solutions\Pleasant Password Server\PassMan.ServiceConfiguration.exe"
  • However, these values can also be changed for the following stored items, by first finding them in the Windows registry:
    • Database, Port, Connection String, and Certificate values
      • [HKEY_LOCAL_MACHINE\...\Pleasant Solutions\PasswordManager]
        "Port"="10001"
        "DatabaseProvider"="SQLite" 
        "DatabaseConnectionString"="Data Source=[DataFolder]\PleasantPassServer.db;Key=aes256:xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
        "CertificateName"="PasswordServer_Temporary_Placeholder_Certificate"
        "StoreName"="My"
        "StoreLocation"="LocalMachine"
        
  • Certificate:

      1. Upload your certificate to the certificate store to this location:
        • Computer\Personal\Certificates
      2. Change the CertificateName to match your certificate
  • Database:

    • Change the DatabaseProvider: "SQLite", "MSSQL" or "PostgreSQL"

    • Change the DatabaseConnectionString to use the appropriate connection string

       

Have Questions?  Contact Us!

  1.  

References:

 

Acknowledgment:

  • Thanks go to Todd Pettit from Omnisite for their contribution of these instruction steps.
Tag page
You must login to post a comment.