If you are a VDS hosting customer, have you ever thought about what comes with the standard operating system image?
We decided to share how we prepare standard client virtual machines and show on the example of our new tariff For 120 rubles, how we created a standard look Windows Server 2019 Core, and we'll also tell you what's changed in it.
The list of changes is valid only for this image, for desktop versions you do not need to make so many changes to get a managed server out of the box that will fit in half a gigabyte.
Full list of changes
1. Firewall rules enabled:
- All rules of the "Remote Event Log Management" group
- Virtual Machine Monitoring (DCOM-In)
- Virtual Machine Monitoring (Echo Request - ICMPv4-In)
2. Rule changed
- Windows Remote Management (HTTP-In)
3. Component removed:
- Windows Defend Antivirus
4. The integration service with your personal account is installed - Hyper-V Server Manager
5. All files that are compressed have been compressed by compact.exe.
6. Added file oledlg.dll
7. RDP enabled
Updating
We'll skip the installation process; it's nothing more than "next," then "done." Immediately after installation, you'll need to update. To make this process as convenient as possible, we use Windows Admin Center.
This can also be done using Sconfig, but this is not our option, otherwise you will have to use the left hand.
Turn on control
Next, you need to open ports so that you can manage the server through RSAT.
To do this, you need to enable all the rules in the "Remote Event Log Management" and Virtual Machine Monitoring (DCOM-In) group. Most of the RSAT features are now available, namely the task scheduler, event viewer, local users, perfmon, and the list of services. Through Powershell, you can enable entire groups of rules, this is done with one elegant command:
Enable-NetFirewallRule -DisplayGroup "Remote Event Log Management"
Volume and device management is not supported on Server Core, although there are firewall rules for them.
To enable WINRM management for public networks, you need to change the rule Windows Remote Management (HTTP-In) by changing the scope.
Set-NetFirewallRule -name WINRM-HTTP-In-TCP-PUBLIC -Profile AnyRemoval Windows Defender
About RAM
To fit into 512 megabytes of RAM, you'll have to make sacrifices. To get extra RAM, you'll have to give up something. And we'll give up something. Windows Defender.
We allowed ourselves such manipulation only with a promotional tariff.
Compression
Our tariff provides free space of only 10 gigabytes. After installing all the components, the operating system starts to take up 9,64 GB, but this figure can be improved using compact.exe. Open two terminals, in one go to the root of the disk and enter the command:
compact /s /c /i /f /a /exe:lzx 
The LZX option is only available for Windows Server 2016 and 2019, system files are compressed only on these editions, so if you're looking to save space, your options are limited.
In the second, enter the command:
Compact /Compactos:always 
After that, we enter the activation keys and the KMS server address and install the service. This, of course, we will not show. Now the results:
It was:
After:
Now we will mount the disk, make offline Dism, and also delete the contents of the SoftwareDistribution and Manifestcache folders.
Dism is done like this:
Dism.exe /Image:E: /Cleanup-Image /StartComponentCleanup /ResetBaseHere's another gigabyte for our customers.
Add Oledlg.dll
Oledlg.dll is a library that contains basic OLE functions that are needed to implement dialog boxes in Windows with a GUI. This file is needed to turn Server Core into a real workstation.
It allows, among other things, to deploy forex trading terminals.
That's all. This is all we have done with the image for for 120 rubles.
Source: habr.com
