Using Group Policy
You can use Group Policy to manage Server Core remotely the same way that you manage any other computer running Windows. You cannot install Group Policy MMC consoles on Server Core; you must manage Server Core remotely using Group Policy MMC consoles on another computer, such as a Full installation of Windows Server 2008 or a computer running Windows Vista with RSAT installed.
For more information on using Group Policy to manage Active Directory–based networks, see http://technet.microsoft.com/en-us/windowsserver/grouppolicy/default.aspx.
Group Policy Tools on Server Core
Server Core does include two command-line Group Policy tools:
Gpupdate. Used to refresh local Group Policy settings and Group Policy settings stored in Active Directory Domain Services. Detailed syntax for using this command can be found at http://technet.microsoft.com/en-us/library/bb490983.aspx or by typing gpupdate /? at a command prompt.
Gpresult. Used to display Resultant Set of Policy (RSoP) information. Detailed syntax for using this command can be found in the Windows Server 2008 Command Reference (available from the Microsoft Download Center, as cited earlier in this chapter) or by typing gpresult /? at a command prompt.
Using WMI Filters to Administer Server Core with Group Policy
You can use WMI filters to ensure that the policy settings contained in a particular Group Policy Object (GPO) are applied only to Server Core installations. WMI filters are used to determine the scope of Group Policy based on computer attributes such as operating system and free hard disk space.
To create a WMI filter that will cause the Seattle SC GPO to be applied only to Server Core computers, perform the following steps:
On your domain controller, open Group Policy Management from Administrative Tools.
Right-click the WMI Filters node in the console tree and select New.
Click Add and type the information in the screenshot shown here to create a WMI Query Language (WQL) query that uses the OperatingSystemSKU property of the Win32_OperatingSystem WMI class to determine whether a given computer is running Server Core Standard (13), Enterprise (14), or Datacenter (15) edition.
Click OK to add the WQL query to your WMI filter and type a name and description for your filter, as shown here.
Click Save to save your WMI filter.
Under Group Policy Objects, select Seattle SC GPO.
On the Scope tab, under WMI Filtering, select Server Core ONLY and click Yes when the dialog box appears, as shown here. The WMI filter is now linked to the GPO.
When Group Policy is processed by a computer targeted by the GPO, the WQL query contained in the WMI filter is evaluated against the WMI repository on the targeted computer. If the query evaluates as True, the GPO is applied; if the query evaluates as False, the GPO is not applied.
Managing Local Group Policy on Server Core
You can manage local Group Policy on Server Core by using the Group Policy Object Editor running on a Full installation of Windows Server 2008 or on a computer running Windows Vista SP1. To do this, follow these steps:
Open a new MMC console by pressing the Windows key+R, typing mmc, and clicking OK.
Click File, and then Add/Remove Snap-in to open the Add Or Remove Snap-ins dialog box.
Double-click Group Policy Object Editor to display the Group Policy Wizard.
Click Browse, select Another Computer, and type or browse to the name of the remote Server Core computer.
Click OK, Finish, and finally OK again. Group Policy Object Editor is now connected to your remote Server Core computer, and you can browse local policy on the computer and configure it as desired.