Posts Tagged ‘Netsh’

WiFi Profiles for Windows 8

So Windows 8 is here, to little fanfare at the University.  While I am always happy to have an updated version of Windows to work with, I see that I have yet to blog anything about it.  Perhaps that is because, unlike with the release of Windows 7, there was so little that was relatively “wrong” with the previous release.  I find myself with not much “to do” to get the enterprise ready for Windows 8.  Other reasons for the lack of hype… Windows 7 applications seem, for the most part, to “just work” on Windows 8, thus necessitating very little in the way of application compatibility planning.

Still, we have run into a few hiccups.  I spent most of the last two days updating the UVM WiFi Configuration Tool scripts and experimenting with Group Policy settings to make WPA2-protected wireless work consistently (previously discussed here, way back in ought-eight).  In the end, there was very little that I did to the WiFi policies that was Windows 8 specific.  The WiFi profile that we are using maintains backward compatibility with both Windows 7 and Windows Vista.

Here are the details:

  • The 802.1x settings in our WiFi profile were updated to use “user authentication” instead of “user or computer authentication”.  Under XP, this option was called “user reauthentication”.  “ReAuthentication” meant that the computer would attempt to log on as the computer account, but that if the connection was lost, it would re-authenticate as the logged on user.  Under XP, it was not possible to prevent computer authentication attempts.  However, under Win7/Win8, user authentication is just that… only user authentication is attempted, computer authentication is excluded.  We have verified this by looking at the RADIUS server logs.  Switching to “user authentication” will cut down on log errors on the RADIUS servers, and will result in fewer errors on client systems as well.
  • We have added a new trust anchor for our RADIUS server certificate in the WiFi profile.  This was necessitated by mergers and acquisitions in the CA business.  “Equifax” provided our original WPA2/PEAP certificate.  When we went to renew our certificate, we found that Equifax had been acquired by GeoTrust, and that new certificates would be issued from a GeoTrust intermediate CA.  However, this intermediate CA would be cross-signed using the Equifax root CA, so the Equifax trust anchor would still work.  The problem is that if a system has both the GeoTrust and Equifax certs present in the local trusted roots certificate store, it will validate the “radius.uvm.edu” up to the GeoTrust anchor, and will ignore the cross-signing with Equifax.  This results in WiFi connection errors.  When I add the GeoTrust cert as an additional trust anchor, the problem goes away.
  • The VBScript I use to install the WiFi profile is packaged inside a 7-Zip self extractor.  The use of this self-extractor triggers the Windows “Program Compatibility Assistant”, which in turn raises a “This program might not have installed correctly” error after the tool runs.  This problem is corrected by embedding a “manifest” file into the tool.  Typically, this is done using the “mt.exe” tool included in the Windows SDK.  Unfortunately, MT.exe corrupts self-extracting 7-Zip archives (this also is a known problem with WinRAR, and perhaps other similar tools).  Fortunately I was able to work around the problem using “Resource Tuner” from Heaventools.  I needed to add “trustInfo” and “compatibility” sections to the manifest.  My blog engine is really bad about posting XML content in a page, so I will forego posting the manifest here. You can find sample manifests pretty easily through Google.
  • When we run the packaged configuration tool, we get a warning that the application package is unsigned and may not be trustworthy.  I used “signtool.exe” from the Windows SDK to add a signature to the executable, so now it is considered somewhat more trustworthy.  Good instructions on the use of signtool.exe can be found here:
    http://www.tech-pro.net/code-signing-for-developers.html
    I am using a code signing cert that we obtained from the InCommon.org certificate service, hosted by Comodo.  It works.
  • Finally, I updated the profile installer VBScript to make reconfiguration a bit easier (subroutines were converted to functions so that variables set at the start of the script can be passed down to the function).  We then can set things like the trust anchor name, WiFi network name, and log file name at the start of the script where they are more easily edited.  Also, I removed support for Windows XP… no more Service Pack detection, Hotfix installation, or third-party profile installation utilities are needed by the script.  I was able to hack the script down to about a quarter of its original size as a result.  The new script is included below, for those who like that sort of thing…

 


Option Explicit
'On Error Resume Next
'Install UVM WPA2-Enterprise wireless profile
' Version 1.3 by J. Greg Mackinnon, University of Vermont
' Supported platforms:  Windows Vista, 7, and 8
' Requires external tools:  "CertMgr.exe" (from the Windows Platform SDK)
' Requires external files:  Root CA certificate file, 
'                           WiFi XML configuration files for Vista+ Windows OS.
'                            (obtained by running "netsh wlan export profile UVM .\")
' NOTE: modify variables in the "Define variables" section to suit your environment.

'History:
' Version 1.0 - Supported UVM WiFi using WPA2, Equifax certs, Windows XP SP2+ and Vista OS
' Version 1.1 - Updated to support Windows 7
' Version 1.2 - Updated to support Windows 8.  Removed support for XP 
'             - Removed third-party "ZWlanCfg" utility and OS Hotfix installation functions (were only needed for XP support)
' Version 1.3 - Converted existing subroutines to functions to allow for easier switching of CAs and WiFi networks.
'             - Moved Global Variables to the top of the script for easier modification.
'             - Updated CA cert and WPA Profile supporting files to use "GeoTrust" instead of "Equifax".

' Create constants
Const cLogFile = "install_UVM_WiFi.log"

' Declare variables
Dim oShell, oUserEnv, oFSO, oFile, oRegExp
Dim iSPVer
Dim sTempEnv, strComputer, sOSTest, sOS, sCertName, sCertFile, sNetName, sProfileFile
Dim bReRun

' Define variables
bReRun = False
strComputer = "."
sOSTest = "Vista|Windows 7|Windows 8" 'Regular Expression for OS compatibility testing
sCertName = "GeoTrust Global CA"      'Friendly name of the trust anchor certificate
sCertFile = "GeoTrustGlobalCA.cer"    'Name of the trust anchor file
sNetName = "UVM"                      'Name of the WiFi Access Point
sProfileFile = ".\Wi-Fi-UVM.xml"      'Name of the Vista+ wlan profile file.

' Instantiate global objects
Set oShell = WScript.CreateObject("WScript.Shell")
Set oFSO = CreateObject("Scripting.FileSystemObject")
sTempEnv = oShell.ExpandEnvironmentStrings("%TEMP%") & "\"
Set oFile = oFSO.CreateTextFile(sTempEnv & cLogFile,True)
Set oRegExp = New RegExp
oRegExp.IgnoreCase = True
oRegExp.Global = True
oRegExp.Pattern = sOSTest

'''''''''''''''''''''''''''''''''
' Define Functions
'
Function fDetectOS(sOS, iSPVer)
'Detect OS Function - detects OS Caption string and Service Pack integer from WMI WIN32_OperatingSystem.
'Expects two variables passed, returns the full OS Caption String, and SP Major Version integer
	'Declare variables
	Dim colItems
	Dim objWMIService, objItem
	'Instantiate local objects/collections
	Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\CIMV2") 
	Set colItems = objWMIService.ExecQuery("Select * from Win32_OperatingSystem")

	For Each objItem In colItems
	  sOS = objItem.Caption
	  oFile.WriteLine "Detected Operating System: " & sOS
	  iSPVer = CInt(objItem.ServicePackMajorVersion)
	  oFile.WriteLine "Detected Service Pack Version: " & iSPVer
	  oFile.WriteLine "Service Pack Minor Version: " & objItem.ServicePackMinorVersion
	Next
	
	'Clean local objects/variables
	Set objItem = Nothing
	Set colItems = Nothing
	Set objWMIService = Nothing
End Function

Function fInstCert(sCertName,sCertFile)
' Installs cert with sCertName root CA cert into machine "root" store.
' Requires:  certmgr.exe from the Windows Platform SDK (available with VS .NET or VS 2008 installations), 
'	sCertName variable - contains the friendly name of the root CA
'	sCertFile variable - contains the name of the root CA certificate file
' Requires:  Root CA cert file
' Notes:  We use the "root" argument to certmgr.exe to install into the "Trusted Root Certificate Authorities".  
'		We also could use "ca" to install Intermediate Certificate Authorities.
'		In a previous version of this script we used "oShell.Run", but this returned unexpected results on the
'		Windows 7 platform... using .Exec now.
	
	Dim bCertPresent, bInstSuccess
	Dim oExec
	Dim sOut

	bCertPresent = false
	bInstSuccess = false
	
	set oExec = oShell.Exec("certmgr.exe -c -s -r localMachine root")

	Do Until oExec.StdOut.AtEndOfStream
		sOut = oExec.StdOut.ReadLine()
		if InStr(sOut, sCertName) Then
			'oFile.WriteLine sOut
			'WScript.Echo sOut
			bCertPresent = true
		End If
	Loop

	if bCertPresent = false then
		oFile.WriteLine "Root Certificate for """ & sCertName & """ needs to be installed.  Attempting install..."
		set oExec = oShell.Exec("certmgr.exe -add -c " & sCertFile & " -s -r localMachine root")
		Do Until oExec.StdOut.AtEndOfStream
			sOut = oExec.StdOut.ReadLine()
			if InStr(sOut, "Succeeded") Then
				'oFile.WriteLine sOut
				bInstSuccess = true
			End If
		Loop
		if bInstSuccess = true then
			oFile.WriteLine "Certificate installed successfully"
		else 
			oFile.WriteLine "Certificate failed to install... You will need to install the " _
				& "certificate manually.  See the instructions at https://www.uvm.edu/ets/wireless " _
				& ", then run this script again to complete installation of the UVM wireless profile."
			WScript.Quit -2
		end if
	else
		oFile.WriteLine "Root Certificate for """ & sCertName & """ is already installed."
	End If
End Function

Function fImportProfile(sProfileFile,sNetName)
'Imports Vista+ Wireless Profile using NETSH command.  
'Requires: a Vista+ wifi profile file exported using NETSH, 
'	sProfileFile - string containing name of the wlan XML profile file to be imported
'	sNetName - string containing the name of the wlan profile name (WiFi Network Name)

	'On Error Resume Next
	Const cUserScope = "all"
	
	Dim bAdded
	Dim oExec, oStdOut
	Dim sStdOutLine
	
	bAdded = False
	oFile.WriteLine "Executing command: netsh wlan add profile filename=""" & sProfileFile & """ user=" & cUserScope & ""
	Set oExec = oShell.Exec("netsh wlan add profile filename=""" & sProfileFile & """ user=" & cUserScope & "")
	Set oStdOut = oExec.stdOut
	'Log every line of netsh output first; decide success or failure only after netsh has finished,
	'so that a blank or informational line cannot be mistaken for a failed import.
	While Not oStdOut.AtEndOfStream
		sStdOutLine = oStdOut.ReadLine
		oFile.WriteLine(sStdOutLine)
		If InStr(sStdOutLine, "Profile " & sNetName & " is added on interface") > 0 Then
			bAdded = True
		End If
	Wend
	
	If bAdded Then
		WScript.Echo "The " & sNetName & " wireless profile was added successfully to your system"
	Else
		WScript.Echo "The wireless profile failed to import.  Please see the manual profile " _
		& "configuration instructions available at http://www.uvm.edu/ets/wireless.  A " _
		& "log file named " & cLogFile & " which contains the full error message can be " _
		& "found in the " & sTempEnv & " directory."
		WScript.Quit -3
	End If
	
	Set oStdOut = Nothing
	Set oExec = Nothing
End Function
'
' End Functions
'''''''''''''''''''''''''''''''''

'''''''''''''''''''''''''''''''''
' Begin Main
'

fDetectOS sOS, iSPVer

If oRegExp.Test(sOS) = True Then
	fInstCert sCertName, sCertFile
	fImportProfile sProfileFile, sNetName
Else
	oFile.WriteLine "Your operating system is not supported for use with this script."
	WScript.Quit -4
End If

oFile.close

' Environment cleanup 
Set oFile = Nothing
Set oFSO = Nothing
Set oUserEnv = Nothing
Set oShell = Nothing
Set oRegExp = Nothing

'
' End Main
''''''''''''''''''''''''''''''''''
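
An added example (not the author's code and not part of the UVM tool): a Python check that an exported profile XML carries the two changes described at the top of this post, user-only 802.1X authentication and both trust anchors, before it is packaged for distribution. The profile is a constructed, trimmed sample, the thumbprints are placeholders, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

# Placeholder SHA-1 thumbprints (constructed, NOT the real CA thumbprints).
EQUIFAX_TP = "aa" * 20
GEOTRUST_TP = "bb" * 20

# Constructed "before" profile, trimmed from the layout written by
# "netsh wlan export profile": user-or-computer auth, old trust anchor only.
SAMPLE_PROFILE = """<?xml version="1.0"?>
<WLANProfile xmlns="http://www.microsoft.com/networking/WLAN/profile/v1">
 <name>UVM</name>
 <MSM><security>
  <authEncryption><authentication>WPA2</authentication>
   <encryption>AES</encryption><useOneX>true</useOneX></authEncryption>
  <OneX xmlns="http://www.microsoft.com/networking/OneX/v1">
   <authMode>machineOrUser</authMode>
   <EAPConfig>
    <EapHostConfig xmlns="http://www.microsoft.com/provisioning/EapHostConfig">
     <Config>
      <Eap xmlns="http://www.microsoft.com/provisioning/BaseEapConnectionPropertiesV1">
       <Type>25</Type>
       <EapType xmlns="http://www.microsoft.com/provisioning/MsPeapConnectionPropertiesV1">
        <ServerValidation>
         <ServerNames>radius.uvm.edu</ServerNames>
         <TrustedRootCA>%s </TrustedRootCA>
        </ServerValidation>
       </EapType>
      </Eap>
     </Config>
    </EapHostConfig>
   </EAPConfig>
  </OneX>
 </security></MSM>
</WLANProfile>""" % " ".join(["aa"] * 20)


def normalize_thumbprint(text):
    """Profiles store thumbprints as spaced hex bytes; compare them as plain lowercase hex."""
    return "".join(text.split()).lower()


def element_values(root, name):
    """Text of every element with this local name, whatever XML namespace it sits in."""
    return [(el.text or "").strip() for el in root.iter()
            if el.tag.rsplit("}", 1)[-1] == name]


def audit_profile(xml_text, required_anchors, server_name):
    """Return a list of findings; an empty list means the profile matches the policy."""
    root = ET.fromstring(xml_text)
    findings = []

    # 802.1X mode: only "user" avoids the computer-account attempts seen in the RADIUS logs.
    modes = element_values(root, "authMode")
    if modes != ["user"]:
        findings.append("authMode is %s; expected 'user' only" % (modes or "missing"))

    # The RADIUS server name must be pinned so that only that server is accepted.
    names = [n.strip().lower() for v in element_values(root, "ServerNames")
             for n in v.split(";") if n.strip()]
    if server_name.lower() not in names:
        findings.append("ServerNames does not pin %s" % server_name)

    # Trust anchors: every required CA present, and nothing extra trusted.
    required = {normalize_thumbprint(tp) for tp in required_anchors}
    present = {normalize_thumbprint(v) for v in element_values(root, "TrustedRootCA")}
    present.discard("")
    for tp in sorted(required - present):
        findings.append("missing trust anchor %s" % tp)
    for tp in sorted(present - required):
        findings.append("unexpected trust anchor %s" % tp)
    return findings


def fixed_profile():
    """The sample after both changes: user-only auth plus the second anchor."""
    second = "<TrustedRootCA>%s </TrustedRootCA>" % " ".join(["bb"] * 20)
    return (SAMPLE_PROFILE.replace("machineOrUser", "user")
            .replace("</TrustedRootCA>", "</TrustedRootCA>" + second))


if __name__ == "__main__":
    for label, xml_text in (("before", SAMPLE_PROFILE), ("after", fixed_profile())):
        result = audit_profile(xml_text, [EQUIFAX_TP, GEOTRUST_TP], "radius.uvm.edu")
        print(label, result or "OK")
```
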

F5 Load Balancing – Performance (Layer 4) mode and Windows Server 2008

NOTE: This article has been updated with a correction to the NetSH commands. Previously I documented that “forwarding” should be enabled on the interfaces, but “weak host receive” and “weak host send” are more accurate, as documented here:

http://devcentral.f5.com/weblogs/rkorock/Default.aspx

Recently we had a problem with a web application configured for SSL-offload on our Load Balancers.  Our F5 Guru (Ben Coddington) recommended that we switch to a “Layer 4 forwarding” configuration.  In this mode, the F5 will forward TCP packets from the client directly to the web server without altering packet content, which is just what we needed.

Making this work on Server 2008 took a bit of extra leg work, though.  Here are the bones of it:

  • On the F5, create a new Virtual Server using the Type category “Performance (Layer 4)”.  Make sure that address translation and port translation are disabled.
  • Create a new F5 Pool that uses a simple port 443/ssl health monitor.  You could use any of a number of load balancing methods, but I chose “Round Robin” because it is in keeping with the “simpler is better” school of thought.
  • On the Server 2008 system, add a “loopback adapter” in the Device Manager.  (At the root of the MMC console, right-click the computer and select “Add legacy device”.  It will be of type “network adapter”, from manufacturer “Microsoft”, and have a name containing “loopback adapter”).
  • Assign the load balanced IP to the loopback adapter with netmask “255.255.255.255”.
  • Here is the trick… you must now allow “weak host receive” on all network interfaces involved with load balancing on the Server 2008 system, and “weak host send” on the loopback interface. If this step is skipped, the Windows server will drop all packets destined for the load balancer address:
    • netsh
      interface ipv4
      set interface "Loopback Connection" weakhostreceive=enabled
      set interface "Public Network" weakhostreceive=enabled
      set interface "Loopback Connection" weakhostsend=enabled
      exit
  • Make sure you have a valid SSL certificate configured on all RDGateway systems in your farm.

That’s about it… The F5 will forward all packets sent to the load balanced IP to the next pool member in the rotation (barring persistence).  The Server 2008 host will receive the packet, and forward it to the loopback adapter (following TCP/IP routing logic).  The Server 2008 host will reply directly to the client.  Amazingly, it all seems to work.

Configuring WiFi Profiles Using VBScript

We are in the midst of deploying a WPA2-Enterprise wireless network here at UVM.  During the testing process we have discovered that although domain-joined computers have no trouble using the network (out-of-box settings don’t work very well, but we are pushing profiles using Group Policy to make it easy for our clients), stand-alone workstations need very specific WiFi settings that are not overly intuitive.

I decided to see if I could automate installation of wireless profiles using a script.  Three days later, I have the outline of something that appears to work…

Below you will find a VBScript that performs the following procedures:

  • Detects the operating system platform and Service Pack levels
  • Installs the trusted root certificate that is used by our RADIUS server if it is not already present.  The script calls the “certmgr.exe” tool, available from the Windows Platform SDK (I suppose I could have used CAPICOM, but why should I torture myself?)
  • On Windows XP, uses the free utility “zwlancfg.exe” written by ENGL to install our WPA2-Enterprise wireless profile.  The script will install the KB918997 HotFix if it is not already present.  This HotFix adds the WiFi API to Windows, allowing programmatic configuration of wireless on XP Service Pack 2 (Note: XP Service Pack 3 includes this HotFix).
    (I configured a WiFi profile on my XP laptop, then used the command:
    zwlancfg.exe /export:"[profile name]"
    to generate the XML profile called by the script.)
  • On Windows Vista, we call “netsh wlan add profile” to import a WiFi profile that was generated using:
    netsh wlan export profile name="[profile name]" folder="[export folder]"

No doubt there are smarter ways to do this, and essential script logic that I am missing.  I welcome your feedback and recommendations on how this script can be enhanced.  Code follows:


option explicit
'Install UVM WPA2 wireless profile
' Supported platforms:  Windows Vista and XP with Service Pack 2 or 3
' Requires external tools: "zwlancfg.exe", "CertMgr.exe" (from the Windows Platform SDK), and HotFix installer for KB918997
' Requires external files:  "IPS Servidores" root certificate file, XML configuration files for XP and Vista

' create constants
const cNetName = "wpa2"
const cLogFile = "uvm_wpa2.log"

' declare variants
dim oShell, oUserEnv, oFSO, oFile
dim iSPVer
dim sTempEnv, strComputer, sOS
dim bSuccess

'define variants
bSuccess = false
strComputer = "."

'instantiate global objects
set oShell = WScript.CreateObject("WScript.Shell")
set oFSO = CreateObject("Scripting.FileSystemObject")
sTempEnv = oShell.ExpandEnvironmentStrings("%TEMP%") & "\"
set oFile = oFSO.CreateTextFile(sTempEnv & cLogFile,true)

fDetectOS sOS, iSPVer

if inStr(sOS, "Vista") > 0 then
    subInstCert
    subImpVistaProfile
    elseif inStr(sOS, "XP") > 0 then
        if iSPVer = 2 then
            subXPPatch
            subInstCert
            subImpXPProfile
        elseif iSPVer = 3 then
            subInstCert
            subImpXPProfile
        else
            oFile.WriteLine "Your operating system is not supported for use with this script."
            WScript.Quit -4
        end if
    else
end if

oFile.close

'''''''''''''''''''''''''''''''''
''' begin environment cleanup '''
'''''''''''''''''''''''''''''''''
set oFile = nothing
set oFSO = nothing
set oUserEnv = nothing
set oShell = Nothing
''''''''''''''''''''''''''''''''''
''''' end environment cleanup ''''
''''''''''''''''''''''''''''''''''

function fDetectOS(sOS, iSPVer)
'Detect OS Function - detects OS Caption string and Service Pack integer from WMI WIN32_OperatingSystem.
'Expects two variables passed, returns the full OS Caption String, and SP Major Version integer
    'Declare variables
    dim colItems
    dim objWMIService, objItem
    'Instantiate local objects/collections
    Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\CIMV2")
    Set colItems = objWMIService.ExecQuery("Select * from Win32_OperatingSystem")

    For Each objItem in colItems
      sOS = objItem.Caption
      oFile.Write "Detected Operating System: " & sOS
      iSPVer = cInt(objItem.ServicePackMajorVersion)
      oFile.Write "Detected Service Pack Version: " & iSPVer
      oFile.Write "Service Pack Minor Version: " & objItem.ServicePackMinorVersion
    Next

    'Clean local objects/variables
    set objItem = nothing
    set colItems = nothing
    set objWMIService = nothing
end function

sub subImpVistaProfile
'Imports Vista Wireless Profile using NETSH command.
'Requires: a Vista wifi profile file exported using NETSH, defined in cVistaProfile within this function
    const cVistaProfile = ".\uvm-wpa2-test.xml"
    const cUserScope = "all"

    dim bAdded
    dim oExec, oStdOut
    dim sStdOutLine

    bAdded = false
    oFile.WriteLine "Executing command: netsh wlan add profile filename=""" & cVistaProfile & """ user=" & cUserScope & ""
    set oExec = oShell.Exec("netsh wlan add profile filename=""" & cVistaProfile & """ user=" & cUserScope & "")
    set oStdOut = oExec.stdOut
    'Log every line of netsh output first; decide success or failure only after netsh has finished.
    While not oStdOut.AtEndOfStream
        sStdOutLine = oStdOut.ReadLine
        oFile.WriteLine(sStdOutLine)
        if inStr(sStdOutLine, "Profile " & cNetName & " is added on interface") > 0 then
            bAdded = true
        End If
    Wend

    if bAdded then
        WScript.Echo "The " & cNetName & " wireless profile was added successfully to your system"
    else
        WScript.Echo "The wireless profile failed to import.  Please see the manual profile " _
        & "configuration instructions available at http://www.uvm.edu/ets/wireless/wpa/.  A " _
        & "log file named " & cLogFile & " which contains the full error message can be " _
        & "found in the " & sTempEnv & " directory."
        WScript.Quit -3
    End If

    set oStdOut = Nothing
    set oExec = Nothing
end sub

sub subImpXPProfile
    ' Installs an XP wifi profile using zwlancfg.exe.  Requires the HotFix KB918997 be installed on the system before running.
    ' Requires presence of xml wifi profile file defined in cXPProfile
    const cXPProfile = ".\wpa2.xml"
    const cForReading = 1
    Dim oZFile
    Dim sZFile
    Dim iStrMatch

    oFile.WriteLine "Executing command: zwlancfg.exe /import:""" & cXPProfile & """ /log"
    oShell.Run "zwlancfg.exe /import:""" & cXPProfile & """ /log", 1, true

    set oZFile = oFSO.OpenTextFile("zwlancfg.log", cForReading)
    sZFile = oZFile.ReadAll
    oZFile.close

    oFile.WriteLine "Output from zwlancfg.exe follows..."
    oFile.Write sZFile

    'Search the zwlancfg.exe log text that was just read for the success message
    iStrMatch = inStr(sZFile, "Profile added to interface")
    if iStrMatch > 0 then
        bSuccess = true
        WScript.Echo "The " & cNetName & " wireless profile was added successfully to your system"
    else
        WScript.Echo "Import of the WPA2 profile for XP failed.  Please see the manual profile " _
        & "configuration instructions available at " _
        & "http://www.uvm.edu/ets/wireless/wpa/.  A log file named " & cLogFile & " which " _
        & "contains the full error message can be found in the " & sTempEnv & " directory."
        WScript.Quit -1
    End If
end sub

sub subXPPatch
    stop
    const cHotFixID = "KB918997" 'IS THIS HOW THE HOTFIX IS DISPLAYED BY THE WMI QUERY?  nEED TO TEST!!!
    dim colItems
    dim objWMIService, objItem
    dim iRC
    dim sHFOut
    dim bHFPresent

    bHFPresent = false

    Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\CIMV2")
    Set colItems = objWMIService.ExecQuery( _
        "SELECT * FROM Win32_QuickFixEngineering",,48)
    For Each objItem in colItems
        sHFOut = objItem.HotFixID
        if sHFOut = cHotFixID then
            bHFPresent = True
        end if
    Next
    oFile.WriteLine "QFE HotFix ID " & cHotFixID & " is present: " & bHFPresent
    if bHFPresent = false then
        oFile.WriteLine "We now will attempt to install QFE HotFix 918997."
        iRC = oShell.Run("WindowsXP-KB918997-v6-x86-ENU.exe /passive /noreboot", 1, true)
        oFile.WriteLine "Return code from HotFix installer: " & iRC
        if iRC = 0 then 'IS THIS THE ACTUAL RETURN CODE FOR A SUCCESSFUL INSTALL???
            WScript.Echo "A patch to your operating system was required to enable Wireless " _
            & "access to the UVM network.  The patch was applied successfully.  Please reboot " _
            & "your system and run this script again to complete Wireless configuration."
        else WScript.Echo "Application of the required XP HotFix " & cHotFixID & " " _
            & "failed.  Please see the manual profile configuration instructions available at " _
            & "http://www.uvm.edu/ets/wireless/wpa/.  A log file named " & cLogFile & " which " _
            & "contains the full error message can be found in the " & sTempEnv & " directory."
            WScript.Quit -1
        end if
    end if

    set objItem = nothing
    set colItems = nothing
    set objWMIService = nothing
end sub

sub subInstCert
    stop
    'const cRootName = "IPS SERVIDORES"
    'dim oAllCerts, oCert
    'set colCerts = oCerts.Find(CAPICOM_CERTIFICATE_FIND_ROOT_NAME, cRootName, true)
    'oCert.Load(fileName, CAPICOM_KEY_STORAGE_DEFAULT, CAPICOM_LOCAL_MACHINE_KEY)
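    dim iRC
    'Run through the command interpreter so that the pipe to "find" works; find exits non-zero when there is no match.
    iRC = oShell.Run("%comspec% /c certmgr.exe -c -s -r localMachine root | find ""IPS SERVIDORES""", 1, true)
    if iRC <> 0 then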
        oFile.WriteLine "Root Certificate for IPS_SERVIDORES needs to be installed.  Attempting install..."
        iRC = oShell.Run("certmgr.exe -add -c IPS_SERVIDORES.cer -s -r localMachine root", 1, true)
        if iRC = 0 then
            oFile.WriteLine "Certificate installed successfully"
        else
            WScript.Echo "Certificate failed to install... You will need to install the " _
            & "certificate manually.  See the instructions at https://www.uvm.edu/ets/wireless/wpa2 " _
            & ", then run this script again to complete installation of the UVM wireless profile."
            WScript.Quit -2
        end if
    else
        oFile.WriteLine "Root Certificate for ""IPS SERVIDORES"" is already installed."
    end if
end sub

Setting Up Server 2008 Core

Configuring IPv4 on the Local network interface:

http://www.petri.co.il/configure_tcp_ip_from_cmd.htm -and-

http://www.markwilson.co.uk/blog/2005/10/using-netsh-to-set-multiple-dns-server.htm

  • To set your IP address:
    netsh interface ip set address name="Local Area Connection" static <ip address> <netmask> <default gateway>
    (Note:  If you are using netsh on a platform earlier than Server 2008 (i.e. Server 2003) you may need to provide more explicit parameters such as:
    netsh interface ip set address name="Local Area Connection" source="static" addr="<addr>" mask="<mask>" gateway="<gateway>" gwmetric="1")
  • To set your first DNS server:
    netsh interface ip set dns "Local Area Connection" static <DNSServerIP>
    (NOTE:  You may want to set DNS info first if you need your interface to be functional as soon as the IP address comes online.)
  • To set your first WINS server:
    netsh interface ip set wins "Local Area Connection" static <WINSServerIP>
  • Setting up additional WINS and DNS servers:
    • run “netsh”
    • go to the context “interface ip”
    • run:
      add dns "Local Area Connection" <DNSServerIP> index=2
      then
      add wins "Local Area Connection" <WINSServerIP> index=2
    • Verify settings with:
      "ipconfig /all" or "netsh interface ip show config"

Installing VMWare Tools:

http://www.flickr.com/photos/jimboy/sets/72157602876493918

  • In the ESX console, initiate “Install VMWare Tools”
  • At the server console, switch to D:, run setup.exe with typical options, wait wait wait wait, affirm that you want to install the updated help files, reboot.

Changing the console resolution:

http://www.netometer.com/video/tutorials/core-server-change-resolution/index.php

  • use regedit.exe
  • navigate to:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Video\{BBF118A6-4C44-4FE4-A8A3-965A9A577F98}\0000
    (or whichever GUID key has the subkey of “0000” named “VolatileSettings”)
  • Change “DefaultSettings.XResolution” and “DefaultSettings.YResolution” to your desired values in decimal format.

Enabling remote desktop:

http://www.petri.co.il/managing-windows-2008-server-core-rdp.htm

  • cscript C:\Windows\System32\Scregedit.wsf /ar 0
  • netsh advfirewall firewall set rule group="Remote Desktop" new enable=yes

Activating a KMS:

  • After networking is configured, use SLMGR.vbs to activate your KMS
  • For your sanity, you may wish to perform “cscript //H:cscript” to set the command line script interpreter as the default script handler.
  • run “slmgr.vbs -ipk <KMS product key>”
  • run “slmgr.vbs -ato” to activate the KMS
  • run “Netsh advfirewall firewall set rule group="Key Management Service" new enable=yes” to allow KMS client traffic through the firewall (more on this below)
  • run “slmgr.vbs -dlv” to monitor KMS activity.

Allowing Remote Administration:

http://blogs.technet.com/server_core/archive/2008/01/14/configuring-the-firewall-for-remote-management-of-a-workgroup-server-core-installation.aspx

  • Netsh advfirewall firewall set rule group="<rule group>" new enable=yes
  • <rule group> can include:
    • Remote Event Log Management
    • Remote Service Management
    • File and Printer Sharing
    • Remote Scheduled Tasks Management
    • Performance Logs and Alerts
    • Remote Volume Management
    • Windows Firewall Remote Management
  • Now that I have remote access via MMC, I see that the group “Key Management Service” is also available.  Also see the “Remote Desktop” group, above.