Setting Up 2019 Server Core File Server - Foren-Ken/tech-journal GitHub Wiki

What is Server Core?

"The Server Core option is a minimal installation option that is available when you're deploying the Standard or Datacenter edition of Windows Server. Server Core includes most but not all server roles. Server Core has a smaller disk footprint, and therefore a smaller attack surface due to a smaller code base." Microsoft

What is a File Server

A very basic seeming server which stores and manages files for multiple users. It seems like centralized storage which can be accessed anywhere on the network by authorized users.

How to set up Server Core as part of a Domain

Prep:

Use the command powershell to use a powershell terminal in the provided cmd.exe window.

Change host name

Using powershell, the following command will change host name (restart required).
Rename-Computer -NewName [New Host Name]

Change IP Config

Using powershell, the following commands can check and set up IP config.
Get-NetIPConfiguration
New-NetIPAddress -InterfaceIndex [Check Config To See Index] -IPAddress [Static IP Address] -PrefixLength [CIDR without the /] -DefaultGateway [Default Gateway IP]
Set-DnsClientServerAddress -InterfaceIndex [Check Config To See Index] -ServerAddresses [DNS Server Address]

Setting Up AD Connection

Using powershell, the following commands can check and set up domain. Add-Computer -DomainName "[domain name]" -Credential [domain\admin account]

Quick Way

After some more research, I had stumbled on a command which has all this baked into one.
sconfig

Remote Connection and Firewall Setup on Server:

Add the server role "File and Storage Services", "File and iSCSI Services", "File Server", and "File Server Resource Manager" to the File Share.
Right click the file share within Server Manager and select "Windows Powershell" to remotely access the server using powershell and use the following command to modify the firewall for the File Server:
netsh advfirewall firewall set rule group=”Remote File Server Resource Manager Management” new enable=yes

To check, head to "File and Storage Service" and "Servers" in the Server Manager on the AD. From here, check if the new server has "File Server Resource Manager" when right clicked (at the top of the list) and if so, everything should be all good.

Creating Shares (To allow access to the File Server)

  1. Head to Server Manager > File and Storage Services > Shares and right click within the "Shares" box.
  2. From here, it is fine to use SMB Share - Quick, press next.
  3. Select the File Share, press next.
  4. Choose any name for the share. This will determine how the file share will be accessed. When a name is chosen, press next.
  5. Keep default, press next.
  6. Press Customize permissions. From here, go to share and add a group. The group is selected through the "Select Principal" and permissions can be adjusted in the same window. Remove "Everyone" if everyone should not have access to the file server. Press "Apply" and "Ok". From here, press "Next"
  7. Verify the settings are as expected. Press "Create" if so.

Checking

Log into one of the accounts which has permission to remotely access the file share. Check if it can be accessed from those with permission and not by those without.

Setting network drive as mapped drive.

  1. Head to Group Policy Management and create a new group policy object.
  2. Right click the new group policy object and press "edit..."
  3. Head to User Config > Preferences > Windows Settings > Drive Maps.
  4. Right click and select "Mapped Drives".
  5. Change action to "Create" and set the location to the UNC path (network share path).
  6. Select "Reconnect" (To ensure the drive is automatically remapped each time) and change the drive letter to desired drive letter.
  7. Modify other settings as desired.
  8. Add the specified group and computers to receive the policy in "Security Filtering". Remove unnecessary groups. DO NOT FORGET TO ADD THE COMPUTERS!!!!