Windows Server Core is a good alternative to the Full Server GUI installation for many reasons. The main reason is that it can greatly reduce the surface area for attacks. It can also reduce the overall Operating Systems footprint. These are great advantages of running Server Core installations, however it will require a bit more work to get things setup.
You can use most of the modern Windows GUI interfaces to remotely manage your Server Core installations using tools such as Server Manager and IIS Manager. For the purposes of this walkthrough we will be focusing on managing IIS8 remotely using IIS Manager (Client side) and the IIS Web Management Service (server side).
The following is a list of steps we will take to configure Server Core for IIS8 remote management.
- Install Windows 2012 Server Core
- Install the Web Server Role (IIS8)
- Install the Web Management Service
- Enable Remote Management (Web Management)
- Restart the Web Management Service
- Create a Windows Firewall rule to allow traffic to Web Management Service
- Connect to IIS8 on Server Core using IIS Manager
Install Windows 2012 Server Core
Install and configure Windows 2012 Server Core. Server Core is the default installation option for Windows Server 2012. There is a lot of good information out there regarding installing and configuring Windows Server Core 2012. One good source is Microsoft’s TechNet. Here’s a good TechNet article on the subject: http://technet.microsoft.com/en-us/library/hh831620.aspx
Install the Web Server Role (IIS8)
Once the OS is installed and configured, we will install the Web Server Role using Windows PowerShell. We can use the Install-WindowsFeature cmdllet to accomplish this.
Install the Web Management Service
We will also install the Web Management Service using Windows PowerShell.
We can use the Install-WindowsFeature cmdllet to install the service.
Enable Remote Management (Web Management)
You can use the Set-ItemProperty cmdlet in Windows PowerShell to set registry values.
This is how we will enable Remote Web Management.
Set-ItemProperty -Path HKLM:\SOFTWARE\Microsoft\WebManagement\Server -Name EnableRemoteManagement -Value 1
Restart the Web Management Service
If the Web Management Service is already started it will need to be stopped and restarted to pick up the new settings.
You can use the following Net commands to stop and restart the service.
Net Stop WMSVC
Net Start WMSVC
Create a Windows Firewall rule to allow traffic to Web Management Service
We will use Netsh to create a firewall rule to allow traffic to the Web Management Service (WMSVC). By default the service listens on TCP port 8172, but we will just allow traffic to any port WMSVC listens on.
netsh advfirewall firewall add rule name=”Allow Web Management” dir=in action=allow service=”WMSVC”
If you are in a workgroup you may need to enable the Netbios ports as well. This is the case if you plan to connect to the server via hostname rather than the IP address.
netsh advfirewall firewall add rule name”Allow NETBIOS IN TCP” dir=in action=allow protocol=TCP localport=135-139
netsh advfirewall firewall add rule name”Allow NETBIOS IN UDP” dir=in action=allow protocol=UDP localport=135-139
Connect to IIS8 on Server Core using IIS Manager
Now that IIS has been installed and the Web Management Service has been installed and configured you can connect to IIS from remote Windows Server 2012 IIS8 Manager.
In IIS Manager on click the connections icon and select “Connect to Server”.
Specify a server name or IP address to connect to the server running IIS on Server Core
Enter the credentials for the administrative user. This is ‘administrator’ by default.
Give the new connection a name.
Now in IIS Manager you will see the new connection, in addition to the local IIS instance. You may use this new connection to administer IIS8 on 2012 Server Core.
Feel free to leave comments and questions below. For information on how SherWeb provides managed hosting services like the one above on Windows cloud, dedicated and hybrid configurations, give us a call at 1-855-780-0955, or email us at Sales@sherweb.com.