Sitemap

Server Core Install

Discover how Pleasant Password Server will enhance KeePass for business

(Windows Server Standard or Windows Server Datacenter)

Here are steps to prepare you for installation on Windows Server Core, that is, editions without "Desktop Experience".

Pleasant Password Server can be administered primarily through a Web interface, making it a prime candidate for installing & running on "Server Core".

Please Note:

  • These steps are provided: because currently the application installer uses a graphical interface
  • Improving these steps are in progress and are provided as-is. (see the acknowledgment at the bottom)
  • Please check back for further updates!
  1.  

  2. Have Questions?  Contact Us!

Benefits & Drawbacks

Benefits to using Server Core are:

  • Reduced attack surface & improved application security environment
  • Reduced maintenance & managment requirements
  • Reduced disk space & memory usage

However, the edition is limited:

  • Minimal environment, no graphical user interface (GUI),
  • Graphical applications are not supported,
  • Only a clean, new installation of Windows Server Core is possible (i.e. cannot upgrade from a previous Windows version)

For more info: see What is Server Core installation option in Window Server

Configuring Windows Server Core

Step 1: Enable Windows Remote Management

  • Confirm that WinRM is configured:
    • Winrm quickconfig
  • If WinRM (Windows Remote Management) is not installed you will be asked to configure it:
    • Enable-PSRemoting

Step 2: Get Windows Powershell Update

  • If you use a WSUS server, skip this step.
  • Download PSWindowsUpdate.zip file

 

Invoke-WebRequest https://gallery.technet.microsoft.com/scriptcenter/2d191bcd-3308-4edd-9de2-88dff796b0bc/file/41459/47/PSWindowsUpdate.zip -UseBasicParsing  -OutFile C:WindowsSystem32WindowsPowerShell1.0ModulesPSWindowsUpdate.zip 
  • Unzip archive
    • cd C:WindowsSystem32WindowsPowerShell1.0Modules

 

Expand-Archive PSWindowsUpdate.zip -DestinationPath C:WindowsSystem32WindowsPowerShell1.0Modules

Step 3: Register & Run Microsoft Updates

  • Register Microsoft Update Service:
    • Add-WUServiceManager -ServiceID 7971f918-a847-4430-9279-4a52d1efe18d
  • Run updates from the Microsoft Update Servers, accept all updates, and auto reboot:
    • Get-WUInstall –MicrosoftUpdate –AcceptAll –AutoReboot

Step 4: Set Power Plan to High Performance

  • Set Power Plan to High Performance:
    • Try {
          $HighPerf = powercfg -l | %{if($_.contains("High performance")) {$_.split()[3]}}    
          $CurrPlan = $(powercfg -getactivescheme).split()[3]    
          if ($CurrPlan -ne $HighPerf)    
          {
              powercfg -setactive $HighPerf    
          }
      } Catch
      {       
          Write-Warning -Message "Unable to set power plan to high performance"
      }

Step 5: Set TimeZone

  • Check the current timezone:
    • Get-TimeZone | Select Id
  • Display all possible timezones (Display name / ID):
    • tzutil /l
  • Set the Time Zone Id (for example, for EST):
    • Set-TimeZone US Eastern Standard Time

Step 6: Reduce boot delay

  • Change time to display OS from 30 seconds to 5:
    • bcdedit /timeout 5

Step 7: Disable IPv6

  • This step is optional, and may be beneficial for some customers towards resolving some strange settings behaviours.

 

New-ItemProperty "HKLM:SYSTEMCurrentControlSetServicesTcpip6Parameters\" -Name "DisabledComponents" -Value 0xffffffff 
-PropertyType "DWord"

Install Password Server

From here, we will use PowerShell to run the executable and launch the installation gui, and can even click through through prompts as usual.

Step 8: Download & Install Pleasand Password Server

  • Download either:
    • Stable Version:

 

Invoke-WebRequest https://downloads.pleasantsolutions.com/package/b6ef48b6-658c-43f6-8cd0-f2392ed769e9/
PasswordServerStable/Current/PleasantPassServer.exe
  • Preview Version:

 

Invoke-WebRequest https://downloads.pleasantsolutions.com/package/3f1c8809-2099-4237-8337-abd36006d111/
PasswordServer/Current/PleasantPassServer.exe -UseBasicParsing -OutFile C:PleasantPassServer.exe
  • Run the .exe:
    • C:\PleasantPassServer.exe
  • The installation screen will display. Follow the prompts as usual.

Step 9: Login from another machine

  • Configuration of Pleasant Password Server can be completed on another machine via the web interface.
  • Login to your servername:
    • https://ServerName:10001
       
  1. Have Questions?  Contact Us!

Optionally: Change the Certificate, Port, or Database

Use the Service config utility to change the Database & Connection string & port.

  • Service Config utility:
    • "C:\Program Files (x86)\Pleasant Solutions\Pleasant Password Server\PassMan.ServiceConfiguration.exe"

Change the Certificate by using PowerShell commands or updating registry directly. 

  • Change Certificate:
    1. Upload your certificate to the certificate store to this location:

      • Computer\PersonalCertificates
    2. Change these certificate values via PowerShell or the Registry (see below)

      • CertificateName
      • StoreLocation
      • StoreName

Here is a list of PowerShell commands:

  • PowerShell commands:
# Check if the destination is accessible
Get-ChildItem Cert:\LocalMachine\My
# Delete previous certificate, in case it's a renewal
Get-ChildItem Cert:\LocalMachine\My | Where-Object {$_.Subject -Like "CN=PasswordServer-Production-Certificate*" } | Remove-Item
# Import new certificate
Import-PfxCertificate -FilePath New-Certificate.pfx -CertStoreLocation Cert:\LocalMachine\My -Password (Get-Credential -UserName "PFX" -Message "PFX Password").Password

# Check if registry points at correct certificate
Get-ItemProperty "HKLM:\Software\Pleasant Solutions\PasswordManager"
# Update registry to point at correct certificate, if needed
Set-ItemProperty "HKLM:\Software\Pleasant Solutions\PasswordManager" -Name CertificateName -Value "PasswordServer-Production-Certificate"
# Restart service
Restart-Service "Pleasant Password Server"

 

Here is a list of registry keys:

  • Registry Settings:

[HKEY_LOCAL_MACHINE\Software\Pleasant Solutions\PasswordManager]
"Port"="10001"
"DatabaseProvider"="SQLite"
"CertificateName"="PasswordServer_Temporary_Placeholder_Certificate"
"StoreName"="My"
"StoreLocation"="LocalMachine"
  1. Have Questions?  Contact Us! 

References:

 

Acknowledgment:

  • Thanks go to Todd Pettit from Omnisite for their contribution of these instruction steps.