Windows Server Core & Remote Server Administration Tools (RSAT)

Server Core vs Desktop Experience

When you install Windows Server with the Desktop Experience you get the traditional Windows GUI that you are familiar with from the non-server Windows operating systems like Windows 10. The Server Core does not come with a traditional Windows GUI, to interface with a Server Core installation you must use the command-line interface (CLI) or Remote Server Administration Tools (RSAT). Using Server Core requires only 512 MB of RAM as opposed to the 2 GB required by Desktop Experience. Server Core also requires 4GB less disk space. Note that Windows Server Nano Server is NOT the same thing as Windows Server Core. Nano Server is designed to be "a remotely administered server operating system optimized for private clouds and datacenters". Nano Servers are not designed to be logged into and support only 64-bit applications. Nano Server requires less disk space, restarts, and updates than the traditional version of Windows Server.

Managing Server Core via CLI

As mentioned before to manage the Server Core installation you must use either the CLI or RSAT. When using the CLI there is a helpful utility for configuring most of the settings you see on the "Properties" section of the "Local Server" page in Server Manager. That utility is sconfig. Sconfig allows you to change your domain/workgroup, computer name, timezone, and more system settings.

sconfig will present something like this:

Managing Server Core via RSAT

Remote Server Administration Tools can be installed on Windows Servers with Desktop Experience or on any Windows Workstations. The destination server and the RSAT system should both be on the same domain and you should be using an account that has admin rights on the remote system you are trying to edit. You can log on to a workstation as a standard user and just shift right-click the tool you want and "Run as other user". This will allow you to run the tool as an admin without logging in to your workstation as an admin. You can connect to non-domain bound systems but you will need local credentials to manage it.

Server Installation

To install RSAT on a windows server you can simply navigate to the "Add Roles and Features Wizard", select "Role-based or feature-based installation", click next and then select the server you want to install the tools on, then select next two more times (until you are on the "Features" page). From there scroll down till you see "Remote Server Administration Tools", expand that and select all the tools you wish to install on the system.

Workstation Installation

There are multiple ways to install RSAT on a Windows workstation. You can download an MSU (windows update file) from Microsoft's site and install the tools using that. This version only works for the Windows versions that Microsoft offers downloads for, at this time the latest version is Windows 10 1803 so this will not work for updated systems in 2020. A second way to download the RSAT tools is by opening the "Manage Optional Features" in the settings. You can just search for it in the start menu. Once it's open you can select "Add a feature", then search for the RSAT tool you need, select it and install it. This method works for windows 10 1809 systems and newer ones. The final method to install RSAT on a Windows workstation is via Powershell. Using this command Get-WindowsCapability -Name RSAT* -Online | Add-WindowsCapability -Online will install every single RSAT tool. You may not want to do this. You can run Get-WindowsCapability -Name RSAT* -Online | Select-Object -Property DisplayName, State to display all the available RSATs and see if they are installed on the system. The Select-Object part just filters it and makes it easier to read. Once you view the tools and figure out what tool you want to install you can run Add-WindowsCapability -Name $Name -Online where $Name is the name of the tool.

Adding a Server to Server Manager

Once you have Server Manager installed on a system you can connect remote servers to be managed. To do this right-click "All Servers" then select "Add Servers". This will open a new dialog that will allow you to add one or more servers. If this is on a domain-bound system you can use the Active Directory tab to search for the system. If the destination server is not on AD you can use the DNS tab and specify the IP to connect to it with Server Manager. Once the server is added to Server Manager you will be able to view it under "All Servers" as shown below.

Using Server Manager to Create a File Share

Before you can remotely manage a file server you are going to want to make sure that the destination server allows the traffic through the firewall. To do this you can run the following command on the remote file server netsh advfirewall firewall set rule group=”Remote File Server Resource Manager Management” new enable=yes. You should get a message saying 8 rules were updated. If not restart the file server and run the command again. Once you get the firewall rules set up you can manage the system remotely using Server Manager and the other RSAT. Go to "File and Storage Services" then "Shares". Right-click and select "New Share...", select "SMB Share - Quick" then next, select the server you want the share on and the disk on that server. Next fill out the share name, description, local path, and remote path. Lastly, you will need to configure the share permissions (by default everyone has access to the share) and then create the share. To navigate to a share you can type \\SERVER\ShareFolder into the File Explorer or run menu.

Setting up GPO to Auto Mount Share

It may be useful to have some shares automount. This means when a user logs on to a system the shares will be automatically mounted. If you want to have someone's home directory be auto-mounted you can do so by editing their user properties in AD. Under the "Profile" tab you can specify the remote host for their home folder. This will only mount it for them and they must have permission to read/write to that directory. If you need to mount the drive for multiple users you will want to do it via GPO. Create a GPO and link it to your desired OU. Then edit the GPO and add a network share to "Drive Maps" under "User Configuration->Preferences->Windows Settings". Configure the share similarly to the image below.