If you are a VDS hosting customer, have you ever thought about what comes with the standard operating system image?
We decided to share how we prepare standard client virtual machines and show on the example of our new tariff
The list of changes is valid only for this image, for desktop versions you do not need to make so many changes to get a managed server out of the box that will fit in half a gigabyte.
Full list of changes
1. Firewall rules enabled:
- All rules of the "Remote Event Log Management" group
- Virtual Machine Monitoring (DCOM-In)
- Virtual Machine Monitoring (Echo Request - ICMPv4-In)
2. Rule changed
- Windows Remote Management (HTTP-In)
3. Component removed:
- Windows Defender Antivirus
4. The integration service with your personal account is installed - Hyper-V Server Manager
5. All files that are compressed have been compressed by compact.exe.
6. Added file oledlg.dll
7. RDP enabled
Updating
We will omit the installation process, it is nothing more than further, further - it's ready. Immediately after installation, you need to update. To make this process as convenient as possible, we use the Windows Admin Center.
This can also be done using Sconfig, but this is not our option, otherwise you will have to use the left hand.
Turn on control
Next, you need to open ports so that you can manage the server through RSAT.
To do this, you need to enable all the rules in the "Remote Event Log Management" and Virtual Machine Monitoring (DCOM-In) group. Most of the RSAT features are now available, namely the task scheduler, event viewer, local users, perfmon, and the list of services. Through Powershell, you can enable entire groups of rules, this is done with one elegant command:
Enable-NetFirewallRule -DisplayGroup "Remote Event Log Management"
Volume and device management is not supported on Server Core, although there are firewall rules for them.
And to enable WINRM management for public networks, you need to modify the Windows Remote Management (HTTP-In) rule by changing the realm.
Set-NetFirewallRule -name WINRM-HTTP-In-TCP-PUBLIC -Profile Any
Removing Windows Defender
About RAM
To fit in 512 megabytes of RAM, you have to make sacrifices. To knock yourself out additional RAM, you need to throw something away. And we will throw out Windows Defender.
We allowed ourselves such manipulation only with a promotional tariff.
Compression
Our tariff provides free space of only 10 gigabytes. After installing all the components, the operating system starts to take up 9,64 GB, but this figure can be improved using compact.exe. Open two terminals, in one go to the root of the disk and enter the command:
compact /s /c /i /f /a /exe:lzx
The LZX option is only available for Windows Server 2016 and 2019, system files are compressed only on these editions, so if you want to save space, the choice is not great.
In the second, enter the command:
Compact /Compactos:always
After that, we enter the activation keys and the KMS server address and install the service. This, of course, we will not show. Now the results:
It was:
After:
Now we will mount the disk, make offline Dism, and also delete the contents of the SoftwareDistribution and Manifestcache folders.
Dism is done like this:
Dism.exe /Image:E: /Cleanup-Image /StartComponentCleanup /ResetBase
Here's another gigabyte for our customers.
Add Oledlg.dll
Oledlg.dll is a library that contains the basic OLE functions that are needed to implement dialog boxes in Windows with a GUI. This file is needed in order to turn Server Core into a real workstation.
It allows, among other things, to deploy forex trading terminals.
That's all. This is all we have done with the image for
Source: habr.com