joeware - never stop exploring... :)

Information about joeware mixed with wild and crazy opinions...

5/16/2007

Wow now that is some turnaround speed…

by @ 1:36 am. Filed under tech

I submitted a bug for Longhorn this last Saturday, Microsoft turned it around two days later and it is listed as fixed. It was an issue I found with LH activation. Gotta love that turnaround speed…

 

Type: Bug
ID: 276936
Status: Closed (Fixed)
Access Restriction: Private
Opened By: jricha34
Blocking Issue: No
Opened: 5/12/2007
Submission Language: English

Resolved
Closed

5/14/2007 10:04:11 AM


5/13/2007

Survivor Finale – Dreamz (Andria Herd) you have no honor.

by @ 11:40 pm. Filed under rants

You knew this was going to happen when Dreamz said it was the hardest decision he had to make. If he actually had any honor whatsoever, it wouldn’t have been a difficult decision, it wouldn’t even be a decision. You don’t accept a piece of gum in exchange for a promise let alone a Ford F350 unless you intend to fulfill that promise.

 


Happy Mother’s Day

by @ 11:26 pm. Filed under general

Happy Mom’s Day to all the Mom’s out there!

 

 


5/12/2007

Basic Initial Server Core Tasks

by @ 7:31 pm. Filed under tech

Along with the requests asking how Server Core is less resource intensive, there were requests for more info on how to do the various things you tend to do right away when setting up Server Core for testing. I will admit I am by far not the expert here; lots of other folks have spent a lot more time working on this stuff, so I highly recommend using Google to go look. But first, bookmark this blog if you haven’t already:

Server Core – http://blogs.technet.com/server_core/default.aspx

 

So let’s assume you don’t use an unattend file to build your server core, you pop in the CD, you enter your license key and select Server Core, what next? All sorts of things, here are some of the things I do, note I don’t guarantee any of this, it isn’t official documentation, it is just stuff that I have worked through or found and work for me.

 

1. The first thing I do is install VMWare Tools. You will click on VM | Install VMWare Tools. Normally you will see an MSI file take off and start the installation process. You likely won’t see that on Server Core; at least I have yet to see it in I don’t know how many installs I have done. So what do you do?

Switch to D: Drive (or whatever drive if your CD/DVD is another drive)

Type “VMWare Tools.msi”

Walk through the prompts and reboot when it asks

2. Next, I recommend increasing screen res if you are going to do much from the VMWare Client. If you plan on doing everything through RDP, go ahead and skip this. I never did this until some recent testing forced me to.

The first step is to find where the heck the key is that you need to modify. Since part of the key will have a randomly generated GUID, this isn’t the most straightforward, but hopefully the method I give here will be easy. It involves searching in the right branch for a specific registry key that only exists (to my knowledge) in the subbranch that you want to work on for this action.

reg query hklm\system\currentcontrolset\control\video /s | findstr /i volatile

That will result in one or more strings like

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\video\{F6E7436E-54D0-482E-87CD-DAB680AF6216}\0000\VolatileSettings

You need all of the reg path info prior to the \VolatileSettings. You can then run the following command to change your screen res to 1152×864 (what I tend to run in, if you want something else, change the hex values but be careful, you could dork it up and not get to see your screen on your monitor – remotely modify machine in that case).

reg add HKLM\system\currentcontrolset\control\video\{F6E7436E-54D0-482E-87CD-DAB680AF6216}\0000 /v DefaultSettings.XResolution /t REG_DWORD /d 0x480 /f

reg add HKLM\system\currentcontrolset\control\video\{F6E7436E-54D0-482E-87CD-DAB680AF6216}\0000 /v DefaultSettings.YResolution /t REG_DWORD /d 0x360 /f

While you are there, you might as well turn on the video hardware acceleration although I haven’t seen it doing much if anything yet… But just in case…

reg add HKLM\system\currentcontrolset\control\video\{F6E7436E-54D0-482E-87CD-DAB680AF6216}\0000 /v Acceleration.Level /t REG_DWORD /d 0 /f

Obviously, starting with Beta 3, you can also use regedit to do this work.

 

3. I recommend changing the window drag format from full window to outline. This is easier… You do need quotes around the registry key though because some bright boy put a space in the name…

reg add "HKCU\Control Panel\Desktop" /v DragFullWindows /d 0 /f

4. For my private lab environments I turn off the screen savers, they annoy me

reg add "HKCU\Control Panel\Desktop" /v ScreenSaveActive /d 0 /f

If you prefer you can just change how long it takes for the screen saver to start. This is in seconds (decimal), here I am setting it to 1 hour. Again, not something I recommend for production.

reg add "HKCU\Control Panel\Desktop" /v ScreenSaveTimeOut /d 3600 /f

5. Set up CSCRIPT to be your default WSH Script engine. Not sure why it isn’t the default on Server Core…

CSCRIPT //H:CSCRIPT

6. Set up your Server Core so you can RDP into it (including from back level RDP clients)… Assumes you followed Step 5

SCRegEdit.wsf /AR 0 /CS 0

netsh firewall set portopening tcp 3389

If you are a firewall lover and have been playing with netsh in Longhorn you know there is an advfirewall interface available and there are specific rules for RDP called “Remote Desktop (TCP-In)”. You can, if you want, go into advfirewall and enable that rule but you will type far more than using the basic firewall command above and the system is smart enough to know that the above command is enabling the public version of “Remote Desktop (TCP-In)”.

 

7. Rename server (not joined to domain)

netdom renamecomputer %computername% /newname:[insert new name here]

8. Restart computer ASAP

shutdown /g /t 1

9. Log off

logoff

10. Set time/date/timezone

timedate.cpl

11. Pull up task manager

CTRL-SHIFT-ESC

or

taskmgr

12. Check activation status… Assumes you followed Step 5

slmgr -xpr

13. To activate. You don’t have to do this right away, you have a month to play…

slmgr -ato

14. To get a list of some other things you can do

SCRegedit.wsf /cli

 

I could give more but this should be enough to get people moving forward and learning how to do things.

 

  joe


More Server Core Fun Facts…

by @ 7:29 pm. Filed under tech

The response I have gotten from the Server Core posts has been pretty good, tons of emails and several comments posted directly to the blog. Seems people are very interested; that is very good IMO. Some of the emails were asking questions like “We keep hearing it is so much lighter and uses less resources, can you say anything more about that?”

Not really, but I will give it a shot… I just now built a bare bones Server Core guest and a bare bones Full Server guest (both Beta 3) to specifically gather some specs. I loaded the VMWare Tools on the virtuals as well because it annoys me when they aren’t running. Here are the specs:

 

Full Server

Dirs: 22009
Files: 38810
Bytes: 6,359,811,812
Full Reg Dump: 78,976,210 bytes

(From Task Manager – no load)

Physical Memory (MB)
  Total: 510
  Cached: 336
  Free: 6

Kernel Memory (MB)
  Total: 58
  Paged: 38
  Nonpaged: 19

System
  Handles: 7740
  Threads: 403
  Processes: 37
  Page File: 230M / 1509M

 

Server Core

Dirs: 9223
Files: 13022
Bytes: 1,803,802,566
Full Reg Dump: 39,926,858 bytes

(From Task Manager – no load)

Physical Memory (MB)
  Total: 510
  Cached: 185
  Free: 191

Kernel Memory (MB)
  Total: 42
  Paged: 26
  Nonpaged: 16

System
  Handles: 5826
  Threads: 306
  Processes: 28
  Page File: 169M / 1509M

 

Deltas

Dirs: -12786 (58.1% reduction)
Files: -25788 (66.4% reduction)
Bytes: -4556009246 (71.6% reduction)
Full Reg Dump: -39049352 bytes (49.4% reduction)

(From Task Manager – no load)

Physical Memory (MB)
  Total: Same
  Cached: -151 (44.9% reduction)
  Free: +185 (3083.3% increase)

Kernel Memory (MB)
  Total: -16 (27.6% reduction)
  Paged: -12 (31.6% reduction)
  Nonpaged: -3 (15.8% reduction)

System
  Handles: -1914 (24.7% reduction)
  Threads: -97 (24.1% reduction)
  Processes: -9 (24.3% reduction)
  Page File: -61 (26.5% reduction)


Longhorn Server Core Screen Resolution and Dragging Windows

by @ 2:41 am. Filed under tech

Just so I don’t forget what I just worked out.

To change screen resolution on Longhorn Server Core, modify

HKLM\System\CurrentControlSet\Control\Video\[GUID]\0000\DefaultSettings.XResolution

HKLM\System\CurrentControlSet\Control\Video\[GUID]\0000\DefaultSettings.YResolution

On VMWare Server I am finding 1162×864 works out well. The value for [GUID] will depend on the installation. It seems under \Video\ there are usually multiple GUIDs listed, the first one enumerated usually seems to be the one you need to go in and work on. It is easy to tell (so far), because if you expand the \0000\ key, the right one will have a \VolatileSettings\ key under the \0000\ key. Plus it is the only \0000\ key that will have a value under it for Acceleration.Level. I need to write something to do this modification.

 

To change hardware acceleration, change

HKLM\System\CurrentControlSet\Control\Video\[GUID]\0000\Acceleration.Level

to the value 0. The thing is that it doesn’t seem to really change anything. Mouse experience is still shaky.

 

To change the full window dragging (this helps a lot on VMWare), change

HKCU\Control Panel\Desktop\DragFullWindows

to the value 0.
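The key-finding rule described above (the right \0000 key is the one with a \VolatileSettings subkey), as an added example that is not part of the original post. It parses saved `reg query ... /s` output and builds the matching `reg add` commands; the sample output, its GUIDs, the function names and the sanity bounds are all constructed for the example.

```python
import re

# Constructed sample of the lines `reg query ...\control\video /s` prints.
# Both GUIDs are made up; only the first adapter has a VolatileSettings subkey.
SAMPLE_REG_QUERY = r"""
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\video\{AAAAAAAA-1111-2222-3333-444444444444}\0000
    Acceleration.Level    REG_DWORD    0x0
    DefaultSettings.XResolution    REG_DWORD    0x320
    DefaultSettings.YResolution    REG_DWORD    0x258

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\video\{AAAAAAAA-1111-2222-3333-444444444444}\0000\VolatileSettings

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\video\{BBBBBBBB-1111-2222-3333-444444444444}\0000
    Device Description    REG_SZ    constructed secondary adapter
"""

# A key line of the form ...\video\{GUID}\NNNN\VolatileSettings; group 1 is
# everything between the hive name and \VolatileSettings.
_VOLATILE = re.compile(
    r"^HKEY_LOCAL_MACHINE(\\.*\\video\\\{[0-9a-f-]{36}\}\\\d{4})\\VolatileSettings\s*$",
    re.IGNORECASE | re.MULTILINE,
)


def find_display_keys(reg_query_output):
    """Return each adapter key (HKLM form) that owns a VolatileSettings subkey."""
    keys = []
    for match in _VOLATILE.finditer(reg_query_output):
        key = "HKLM" + match.group(1)
        if key not in keys:
            keys.append(key)
    return keys


def resolution_commands(key, width, height):
    """Build the two reg add commands that set a width x height desktop."""
    # Hypothetical sanity bounds: refuse values that would likely leave the
    # console unreadable, the failure the post warns about.
    if not (isinstance(width, int) and 640 <= width <= 4096):
        raise ValueError("implausible width: %r" % (width,))
    if not (isinstance(height, int) and 480 <= height <= 4096):
        raise ValueError("implausible height: %r" % (height,))
    # reg add writes REG_SZ when /t is omitted, so the type is given explicitly.
    template = 'reg add "%s" /v DefaultSettings.%sResolution /t REG_DWORD /d 0x%x /f'
    return [template % (key, "X", width), template % (key, "Y", height)]


if __name__ == "__main__":
    for adapter_key in find_display_keys(SAMPLE_REG_QUERY):
        for command in resolution_commands(adapter_key, 1152, 864):
            print(command)
```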

 

   joe


5/11/2007

Longhorn Server Core

by @ 1:01 am. Filed under tech

Have you heard of this thing? Longhorn Server Core that is? Do you know what it is? Do you care? Yes mom, I know you don’t know and you don’t care, you can skip this posting… 🙂

Longhorn Server Core is a new version of Windows Server that looks something like the following image when you log on:

 

This is, of course not what most people are used to seeing and it very likely is going to confuse the hell out of many point and click admins.

For some of us, well a lot of us, this is an extremely exciting development, it represents Microsoft truly trying to embrace security and efficiency in their operating system. The Shell stuff is stripped out as well as just about anything else that isn’t critical to basic operations. This means you can’t use Media Player to play MP3s or use I.E. to web surf… but you know what, you shouldn’t be doing that stuff on servers anyway. Servers are for real work, not screwing around.

Recently though, yesterday in fact, Susan Bradley of SBS fame mentioned on the ActiveDir Org list that at the MVP Summit another MVP said, and I quote:

“I saw this server core product while I was up there… what were they thinking! No one will use that! I told them they were crazy to even build that.”

That scares me and makes me question the sheer number of people we have as MVPs at the moment but that is a whole other story. I will just assume that this MVP was an XBOX MVP or Flight Simulator MVP or an SBS MVP and doesn’t see the sheer beauty and intelligence behind Server Core.

Microsoft kind of looked around at all of the vulnerabilities they had to patch and realized that if they stripped servers down to the core components, something like 80%+ of the patches weren’t needed. I am sort of making that percentage up based on something I heard a couple of years ago when they first announced this but I think it is pretty darn close. So that makes you wonder, how many other things does that protect you against? My answer… a veritable shitload… especially if you combine this lockdown of the number of bins on the box with all of the great security advances made in the Vista/Longhorn source tree. Sure some of the stuff is a pain in the ass and sure it is going to break a lot of programs but man it will be nice to feel relatively safe most of the time. Not living in constant fear of what is coming the second Tuesday of the month. Right now, if you religiously patch your servers, you are generally pretty lucky to have an uptime that exceeds a month. It isn’t that Windows Servers can’t do it, I used to do mad uptimes back in the 90’s on NT4 when the security environment wasn’t nearly so harsh, it is just that you have patches coming from the left right and center every month and nearly all of the good ones require a reboot. So Server Core should help with this considerably.

Server Core is also a lot less .FAT than full blown Windows. It is Windows after Weight Watchers with a prom coming up and working to fit into that size 2 slinky dress… This is wonderful for virtualization. I shouldn’t need to list the reasoning behind that, exercise left to the class.

Now you have to keep in mind, with this stripped down version of Windows, not everything is going to run the same or possibly even at all on it. Right off, anything requiring IE is going to find a challenge here. Anything needing the .NET framework at least initially will be SOL. I have even seen bitching in various forums about apps that try to use the builtin ZIP functionality of Windows not working on Server Core… That would be because ZIP functionality isn’t core to the Windows OS… So before you think, I will run everything on this, you will need to be testing.

 

So joe, you ask with a coy look and a teasing flip of the hair… Who is going to use this thing?

Obviously I don’t agree with anonymous MVP guy and think it will be used but I also don’t think that everyone is going to go nuts and install it. I think eventually its use will be extremely high but it will take a bit to get there. I expect the initial deployers will be along these lines:

  1. Larger orgs with people who really dig into stuff and tend to understand how it works.
  2. Companies who are deploying crazy ass numbers of WAN sites (even if the overall company is small – company with 3000 people across 2000 branches).
  3. Admins who have multiplatform experience, i.e. Windows isn’t the only thing they ever professionally worked on.
  4. People seriously concerned about security exposure on their servers.
  5. People wanting to play with new cool stuff.
  6. Admins who want to keep certain servers safe from bad/clueless admins.

That last, #6, isn’t one I originally came up with when I posted this list to activedir.org earlier, but I fully concur with it. Thanks to Steve Evans for seeing I missed it and piping up with it.

 

Now who definitely won’t use Server Core? Right off, Admins who know nothing but the GUI and don’t have the ability to learn anything but the GUI. These people, IMO, need to be thinking that they may have a limited existence, certainly in larger orgs. I was also initially thinking SBS (Small Business Server) was straight out as well. But as I think about it more and more, I like Server Core in an SBS environment… My feelings are generally pretty well documented about how I am not a fan of extra services (read security exposure) on Domain Controllers. I mean, I don’t even like AV engines that have auto update capabilities or external interfaces to manage the software. Then you take an SBS server which is basically a Domain Controller with just about every other possible piece of Server Software that can possibly be installed without the box simply cutting its own throat. If you have a patch or something, say a critical DNS patch, that requires a reboot, in general, your whole domain, your file and print, your web server, your DB Apps, your mailboxes, your internet access, you name it, it all goes down because it is all on the same machine. Most people find that unacceptable. I know I do, if a domain goes down completely in a reboot I wonder what my chances are of it coming back up as well as the chances of me getting to some island before getting called back to fix it. It reminds me of the Disaster Recovery Plan I once heard from a guy who ran AD for a very large company… “We depend on the geographically distributed nature of our data centers and if that fails us we hope to be able to restore from a backup (but don’t test them). Plan B is a bag of cheese puffs and a one way ticket to Aruba.”

Err so where was I… Oh yeah, I segued from SBS with a 25 user count to a company approaching 200k users… how *do* I do that? So SBS… I think this would be a great place to run Server Core… You have some cool virtualization coming shortly after Longhorn called the Hypervisor or code name Viridian. Visualize your one physical SBS box running multiple virtuals, like for instance two virtual domain controllers, two virtual file servers, two virtual Exchange Servers, two virtual SQL Servers. Stuff clustered as necessary (AD obviously doesn’t need it) and voila you now have a single physical server in use for SBS but set up so that rebooting a single server for patching or issues you don’t lose the whole darn environment. You will still need to occasionally lose the whole thing but I would expect it to be far less often since it would only have to be if the “Host” or physical box needed it. There could be one control guest server on the machine which was full whiz bang GUI and it would be configured to easily manage all of the various virtual guests on the machine. The SBS team could do some amazing things with this I think.

Ok this is enough for me, I am about ready to fall out of my chair and sleep on the floor.

   joe


5/10/2007

Shavlik and Microsoft say I don’t need to patch my Windows Server 2003 RTM Server for the DNS RPC Vulnerability so I am safe…

by @ 11:00 pm. Filed under tech

Ah no. In fact that is absolutely incorrect to the nth decimal place.

This has been coming up a lot lately and I have been fielding quite a few questions on it.

Plain and simple, if you have a Windows Server 2003 RTM Server and you have not disabled the DNS RPC Management Interface you are in immediate danger of being DOS’ed or being hacked. The code is out there. There is no patch for it for you. I blew up the DNS Service on a Windows Server 2003 RTM box about 15 times in a row today just to authoritatively prove it out. If I had the right offset values, I would be able to execute a remote shell as localsystem.

 

So what are the arguments that make you feel you are safe with Windows Server 2003 RTM?

1. I ran Shavlik and it didn’t say there was any patches needed on my Windows Server 2003 RTM Server. It must be safe!

1A: NO, you aren’t safe. This is very simple, Shavlik doesn’t do a security test of your machine, it does a patch list check. It looks at what MSFT has available for your machine and looks at what is installed on your machine, any delta is highlighted as something that needs to be installed.

 

2. I looked at the TSB (Technical Security Bulletin) and it does not mention Windows Server 2003 RTM in the affected software category. It must be safe!

2A: NO, you aren’t safe… Correct, it isn’t mentioned in the affected software category. That category looks like:

Affected Software:
• Microsoft Windows 2000 Server Service Pack 4 — Download the update
• Microsoft Windows Server 2003 Service Pack 1 and Microsoft Windows Server 2003 Service Pack 2 — Download the update
• Microsoft Windows Server 2003 with SP1 for Itanium-based Systems and Microsoft Windows Server 2003 with SP2 for Itanium-based Systems — Download the update
• Microsoft Windows Server 2003 x64 Edition Service Pack 1 and Microsoft Windows Server 2003 x64 Edition Service Pack 2 — Download the update

However you also need to look at the Non-Affected Software category as well. It looks like:

Non-Affected Software:
• Microsoft Windows 2000 Professional Service Pack 4
• Microsoft Windows XP Service Pack 2
• Microsoft Windows XP Professional x64 Edition and Microsoft Windows XP Professional x64 Edition Service Pack 2
• Windows Vista
• Windows Vista x64 Edition

What don’t you see in the non-affected software list? You don’t see Windows Server 2003 RTM…. It isn’t specified on either list… There is a very simple reason.

 

Both 1 and 2 are related to the fact that Windows Server 2003 RTM went out of support on April 10, 2007. Yes, exactly one month ago. That means you will no longer see any hotfixes for that version of Windows. Period. Your option is to load either Service Pack 1 or Service Pack 2. Service Pack 1 will be supported until April 14, 2009. For a list of all support dates, check out http://support.microsoft.com/gp/lifesupsps#Windows

Something that confuses people is that Windows Server 2003 RTM is unsupported but Windows 2000 Server SP4 is supported. They think, hey Windows 2000 is older, if that is supported, obviously Windows Server 2003 RTM is supported. That isn’t how it works. I am not going to explain Microsoft Software Lifecycle policy but just trust me, it doesn’t work that way.

So if you take anything away from this blog post take these three things….

1. Windows Server 2003 RTM is NOT safe from the DNS Management RPC Interface Exploit.

2. Shavlik doesn’t do a security check, it does a patch check. If a patch doesn’t exist for your version of Windows, you won’t be told you need to patch that issue. Since Windows Server 2003 RTM is no longer supported, you should see no more patches listed as needed for it in Shavlik once you patch up to last month’s patch batch.

3. The Microsoft KBs do not specifically mention Software that is out of support. If you don’t see it, don’t assume that means you aren’t at risk.
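The gap between a patch-list check and an exposure check, as an added example that is not part of the original post or of any scanner's code. The product lists and the April 10, 2007 date come from the post (Itanium and x64 entries omitted); the fix id is a placeholder, and the inventory, host names and field names are constructed.

```python
from datetime import date

# Bulletin lists as quoted in the post, with shortened product names.
AFFECTED = {"Windows 2000 Server SP4", "Windows Server 2003 SP1", "Windows Server 2003 SP2"}
NOT_AFFECTED = {"Windows 2000 Professional SP4", "Windows XP SP2", "Windows Vista"}

# End-of-support date stated in the post.
SUPPORT_ENDED = {"Windows Server 2003 RTM": date(2007, 4, 10)}

FIX = "DNS-RPC-FIX"  # placeholder id; the post does not give the bulletin number
PUBLISHED = {product: {FIX} for product in AFFECTED}

# Constructed inventory; the servers are assumed to run the DNS Server service.
INVENTORY = [
    {"host": "dc01", "os": "Windows Server 2003 SP1", "installed": [], "dns_rpc_mgmt_disabled": False},
    {"host": "dc02", "os": "Windows Server 2003 SP2", "installed": [FIX], "dns_rpc_mgmt_disabled": False},
    {"host": "dc03", "os": "Windows Server 2003 RTM", "installed": [], "dns_rpc_mgmt_disabled": False},
    {"host": "dc04", "os": "Windows Server 2003 RTM", "installed": [], "dns_rpc_mgmt_disabled": True},
    {"host": "ws01", "os": "Windows XP SP2", "installed": [], "dns_rpc_mgmt_disabled": False},
]


def patch_delta(os_name, installed):
    """Patch-list check: fixes published for this product minus what is installed."""
    return sorted(PUBLISHED.get(os_name, set()) - set(installed))


def assess(machine, today):
    """Exposure check: patch delta plus bulletin coverage and lifecycle status."""
    os_name = machine["os"]
    if patch_delta(os_name, machine["installed"]):
        return "PATCH NEEDED"
    if os_name in AFFECTED:
        return "PATCHED"
    if os_name in NOT_AFFECTED:
        return "NOT AFFECTED"
    # On neither list: the bulletin is silent, so look at the lifecycle instead.
    ended = SUPPORT_ENDED.get(os_name)
    if ended is not None and ended <= today:
        if machine["dns_rpc_mgmt_disabled"]:
            return "UNSUPPORTED, MITIGATED"
        return "UNSUPPORTED, EXPOSED"
    return "UNKNOWN"


def report(inventory, today):
    """Map host -> (what the patch-list check reports, exposure verdict)."""
    return {m["host"]: (patch_delta(m["os"], m["installed"]), assess(m, today))
            for m in inventory}


if __name__ == "__main__":
    for host, (missing, verdict) in report(INVENTORY, date(2007, 5, 10)).items():
        print(host, "missing patches:", missing or "none", "->", verdict)
```

For dc03 the patch-list column is empty while the verdict is UNSUPPORTED, EXPOSED, which is the case the post describes.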


5/9/2007

Interesting comments on IBM Layoff story

by @ 10:36 pm. Filed under general

The other day I mentioned (http://blog.joeware.net/2007/05/07/868/) how it appears IBM will be laying off 150k or so Global Service folks… There have been a few good comments I have run across to the article

This first one made me chuckle but it is so true folks…

First they outsourced off the call centre workers and I did not speak up because I was not a call centre worker.

Then they outsourced the testers and I did not speak up because I was not a tester.

… and then they outsourced me.

Ben Grimer | May 04, 2007 | 12:20PM

———–

This comment hit home, I have seen similar in large companies I have worked for on a couple of occasions for a couple of different things. In one large company, the CIO was a former IBM Sales guy and several projects came down to review global topics such as Monitoring etc and in every case the project teams were unofficially told prior to making the final decision… The answer is IBM. Execs don’t seem to put together groups to find the right answers, they put together groups to find the answers they want justified…

I have been with IBM Global Services for over 15 years, and I fear my “value” will come to an end not for any lack of skill or contribution on my part, but solely due to the myopic drive by the executives to make Wall Street happy, thereby maximizing their own net worth due to the enormous number of shares they all own.

One internal rumor regarding LEAN was that the external consultancy hired to actually perform the analysis was discharged after their principal finding was that IBM is far too top heavy in the executive and management ranks. Not having heard the answer they thought they were paying for, the executives subsequently took ownership of LEAN to pursue the path they had already planned.

Once again, those guilty of plundering and wrecking a formerly great company will retire to a continued life of wealth and ease just about the time the remaining shell implodes.

Anonymous IGS Employee | May 04, 2007 | 12:58PM

———–

This comment made me go hmmm, for all of about 5-6 seconds. It is an interesting idea but the problem is that if these people are all techy type people this would almost certainly fail. Most techy people can’t manage their way out of a wet paper sack. Management skills and technical skills don’t seem to align really well. I have seen very few people in IT who could do both well consistently. Usually you have very good managerial skills or you have good technical skills or your skill set resides in the fact that you can hide that you don’t have any useful skills (you know who you are). As much as I hate to say it and that my manager will love to hear me say, without good management, a bunch of techies are not going to do well running a company of 150k people. However, think if you took all of the displaced and really good onshore technical people from the likes of IBM and HP and other companies known for really smart people and put them in one company to compete with the pack… A company that uses offshore resources but in an intelligent way, not just throws them at problems and see if they stick. Sure it would be more costly to companies initially but I can see long term that company blowing the big ones out of the water from a quality standpoint and eventually maybe even from a pricing standpoint.

Bob,

What if those experienced, known by their customers, 150K engineers banded to create their own, non-top heavy, competitor to IBM GBS? They know the systems, they know the market, they know their customers, they should know that non-compete agreements are very hard to enforce. Cut out the management and the insane compensation of said management, and you can likely be competitive on bids, while presenting a much more acceptable face to your customers. Call your company XIBM.

And when IBM does fall, you’ll have the market to yourselves.

I, too, remember when IBM was the company everyone in computers wanted to work for. Obviously, not that company any longer.

david | May 04, 2007 | 1:27PM

———–

LOL

IBM – Idiots Become Managers

The IBM mantra: If 1 woman can have a baby in 9 months, then 9 cheaper women can have a baby in 1 month.

Or, to put it another way, 1 person with 15 years experience can be replaced by 15 cheaper people with no experience.

Doesn’t work that way….

intheknow | May 04, 2007 | 3:42PM

———–

 I wonder how much this will happen and how many customers will actually be unhappy about it… Note to customers when signing outsourcing deals…. Maybe put in stipulations on where the help desk needs to be or at least the percentage of workers. My experience is that folks don’t like calling India. The culture and the accents can be a bitch to get past when trying to explain a sticky technical problem.

LEAN came through this week and we lost several key hard-working employees, some with 30+ years experience. They will not be replaced by Americans or Asians. Instead, the remaining employees will pick up the slack, at least until the fortunate ones, myself included, are able to find a job with someone who cares.

As a good example of IBM’s complete disrespect and contempt of their customers, two weeks ago our level one help desk was outsourced to India WITHOUT THE CUSTOMER’S KNOWLEDGE! We were told not to leak the information to them “because they would be upset,” as if they would somehow not notice (they have not so far, although the customer’s complaint levels have risen dramatically).

A quitting IBMer | May 04, 2007 | 4:26PM

———–

A techie union… Interesting… Maybe this is the way to go… If someone plans on doing this though, they better do it before they spend their time moving the work over to India/China/etc or else they won’t have much leverage. I am afraid though that a techie union would suffer in the same ways unions in other areas suffer… the union exists to protect itself first and then the members second. In the meanwhile the union keeps sucking money out of the members. On the flight back from Vegas a week or so ago I was at the back and the flight attendants were talking about how the union takes $75 a month from them and the local gets like $6 and the rest goes to the corporate union and they are wondering what the heck they are even doing…

It’s time to unionize before it is too late!

http://www.allianceibm.org/ External Link

feeling blue | May 04, 2007 | 4:43PM


DEP busts Windows Explorer…

by @ 7:57 pm. Filed under humour

 Haha. Too funny. Internet Explorer not trusted… About time. 🙂

I’m a dumbass, I read the image too quickly, it didn’t bust IE, it busted Windows Explorer, totally not as funny.

 

 
