| Executive Summary:
The focus of the past few Windows Power Tools columns has been to show you how to get a new Windows Server 2008 Server Core system ready to do some work. To wrap up that focus, let’s set the system's time zone, configure its screen saver, and tweak its firewall. |
The focus of my past few columns has been to show you
how to get a new Windows Server 2008 Server Core system
ready to do some work. To wrap up that focus, I want to
provide a few short command-line tips—namely, setting
the system’s time zone, configuring its screen saver, and
tweaking its firewall. After those tasks are done, we’ll have
put the final polish on a ready-to-roll Server Core system.
Tinkering with Time Zones
You would think that setting a system’s time zone would be pretty
simple—say, typing a number into the registry—but for some
reason, time zones are tougher than that. So, Microsoft decided to
simplify the graphical functionality of the Control Panel Date and
Time applet so that it would work on Server Core. (Remember,
Server Core isn’t completely GUI-less. Simple GUI-based apps such
as Task Manager, Notepad, Regedit, and many setup programs work
fine with Server Core’s limited interface.)
To set a Server Core system’s time zone, just type the timedate
.cpl command at the command prompt and tap Enter, and the
applet will appear. (Another way to set the time zone on a Server
Core system is to use a script to do the installation.) The only other
Control Panel applet to find its way into Server Core is Regional and
Language Options (intl.cpl).
Setting the Screen Saver
By default, Server Core engages its screen saver after 10 minutes of
inactivity, locking the screen until you log on again. While testing my
Server Core system, I found this behavior irritating, so one of my favorite
setup tasks is to open Regedit, navigate to HKEY_CURRENT_USER Control Panel\Desktop, and adjust the ScreenSaverIsSecure subkey’s
value from 1 to 0, which removes password protection from the screen
saver. You wouldn’t want to do that on a production machine, of
course, but it might save your sanity on test systems.
You can also access the ScreenSaveTimeOut subkey to specify how
many seconds of inactivity to wait before screen-saver activation, the
ScreenSaveActive subkey to enable or disable the screen saver, and the
SCRNSAVE.EXE subkey to identify which screen saver you want to use.
Server Core offers only the standard logon.scr option (i.e., the Windows
logo) or the scrnsave.scr option (i.e., a blank screen). In my tests, new
ScreenSaverIsSecure, ScreenSaveActive, and SCRNSAVE.EXE values
take effect immediately, but changing the ScreenSaveTimeOut value
requires a logoff/logon.
Fine-Tuning the Firewall
All versions of Server 2008 differ from their predecessors by enabling
their firewall by default. You can open Server Core’s firewall through
Group Policy (i.e., Computer Configuration, Administrative Templates,
Network, Network Connections, Windows Firewall). Then, in
either the Domain Profile or Standard Profile folder, set the Windows
Firewall: Protect All Network Connections value to Disabled.
You can also use the command line to disable the firewall:
netsh firewall set opmode disable
To re-enable the firewall, just replace disable with enable. If you don’t
know the firewall’s state, just type
netsh firewall show state
This command produces about a dozen lines of fairly confusing
output. Look for the line that begins with Operational Mode =; the
presence of Enable or Disable will answer the question.
I like the idea of raising the Server Core firewall—after all, security is
one of its selling points—but I typically open my firewalls just enough
to let the system respond to pings. You can set your Server Core firewalls
to allow the system to respond to pings by using the command
netsh firewall set icmpsetting 8 enable
In general, you won’t have to open ports in your firewall because
Ocsetup automatically opens whatever ports a server module needs
when you install that module. For example, installing the DNS
Server service opens port 53 without any further work on your part.
But if you did need to open a port, you’d type
netsh firewall set portopening tcp|udp <portnumber label>
To tell the system that you’ve enabled Remote Desktop through the
registry (which doesn’t open the RDP port by default), type
netsh firewall set portopening tcp 3389 "Remote Desktop"
Ready to Roll
With these final tinkerings done, you’re ready to put your Server Core
box to work as a DHCP server. Tune in next month for that!