Why a Hacker Can Own Your Web Servers in a Day!

Want to know how easy it can be for hackers to get control of your webserver and other servers? The you should what this demo from TechEd 2014.


Of course some of the things should never be happening. Like connecting to a SQL server from a web application with the SA account.


Windows Server Core: Installation & Configuration.

Last week I wrote that I would have another look at Windows Server Core. This is the second part where I will install and configure Windows Server Core.

Installing is pretty easy. It just looks like a normal Windows Server installation. There is just one difference. In the fourth screen (see below) of the setup you choose for ‘Server Core Installation’ and not for ‘Server with a GUI’. Actually you don’t have to make a choice in the Windows Server 2012 setup because a Server Core installation is the default option now.


I assume that you know how to install Windows. So I will not talk about the rest of the installation. It is pretty much Next, Next and Next on the other screens.

When the installation is finished you are welcomed by this screen.


Just press OK and type a new password on the next screen. When you have done that you will be logged in on you new Windows Server Core installation. And that looks fabulous! Uhmmm, not really! The only thing you will see is a command prompt. Just like the good old days when Windows did not exist.

So now what?? To start some basic configuration tasks you type sconfig.cmd at the command prompt. It provides you with an easy way for changing the server name, add it to a domain, change IP settings and more.


With option 1 you can add the server to a domain or to a workgroup. When you choose option 2 you can change the name of the server. When you look at the options it is very clear what the options do. You can start at the top and then go the next option and the next. When you start configuring with sconfig you will see screens that look a lot like part of a GUI. For example when you change the date and time.

I prefer to start with option 8, Network Settings. Just to make sure that server received a valid IP number from the DHCP server. You can also set a fixed IP number if you want. After that I just follow the list.

As you can see, installing and configuring Windows Server Core is pretty easy. The fun will start after this. The server will not do much in its current state. It has no role(s) configured. I will show that in an other part. But not the next part. The next part will be about configuring Server Core with PowerShell.

Windows Server Core: A GUI-less adventure.

Since Windows Server 2008 we have the possibility to install Windows without the GUI. A so called core installation. I have tried it a few times but never really like it. Managing it was not so easy. And it was only possible to use it for a limited set of server roles. Like Active Directory Services or File Services. It was also possible to use it as a Web Server, but with limitations. For example it was not possible to use ASP.net.

With Windows Server 2008 R2 the Server Core installation became more useful and also more manageable. Even with all the improvements I never really used it.

In Windows Server 2012 the Server Core installation is now the default option. The Windows Server team made a lot of improvements to it. You can use it for almost every Server Role and managing it has become more easy. Also because it is shipped with Powershell 3.0.

So it is time to explore Server Core again. My main focus will be to find out how useful Server Core is as a Web Server and what kind of troubles or limitations I will get into and how to deal with them.

This is it for now. I need to build my test environment first. But I will be back soon with the next part Windows Server Core: Installation & Configuration.