Skip navigation

Scregedit Streamlines Server Core

A new tool offers help with the new OS's GUI-less variation

One of Windows Server 2008’s most interesting aspects is its Server Core option. A Server Core system functions like a regular server, but it’s missing a few pieces. Two notable missing pieces are the .NET Framework and—more important—most of the GUI. The result is a version of Server 2008 that uses less disk space, runs in less RAM, offers attackers fewer places to attack, and runs leaner than its graphical counterpart.

I’m a command-line junkie, so I’m thrilled by the prospect of Server Core. I dug into an early beta as soon as I could get my hands on it. However, as I attempted to set up a Server Core system from scratch, I realized to my chagrin that the old saying is true: “Be careful what you wish for—you might get it.” Although I could do just about everything I needed to do from the command line, a few items left me scratching my head. Thankfully, I stumbled upon the very helpful Scregedit, a command-line registry tool built specifically to assist in configuring Server Core.

Before Scregedit
One of the items I had trouble with was determining how to enable Remote Desktop for a Server Core system. After noodling around with a full Server 2008 installation, I concluded that enabling Remote Desktop is as simple as opening port 3389 on the firewall. Working through the problem, I could start with the command

netsh firewall set icmpsettings opmode=disable

I could then access the HKEY_LOCAL_MACHINE\SYSTEM\ CurrentControlSet\Control\Terminal Server registry subkey and set the fDenyTSConnections value to 0. In a moment of inspiration, I realized that I could do all that from the command line by using the Reg command:

reg add “HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server” /v fDenyTSConnections /d 0 /t REG_DWORD /f

I could even cheat and use Regedit (one of the rare GUI tools that do work in Server Core) to set the registry entry, but no matter how I sliced it, I was in for a lot of typing. Scregedit came to the rescue at just the right time.

Scregedit Syntax
Scregedit is a command-line tool that offers built-in support for some of the most commonly modified registry entries. The tool’s beauty is the simplicity of its syntax: scregedit /<parameter value>

Alternatively, to see the current value of the parameter, you can simply type

scregedit /<parameter> /v

For example, to enable Remote Desktop, I can type

scregedit /ar 0

To disable it, I’d replace the 0 with a 1. (The registry entry’s name, fDenyTSConnections, is worded so that enabling it enables the deny aspect; thus, you use 0 to enable. As any Windows vet knows, you need to get accustomed to mirror thinking to understand some Group Policy and registry settings!) To see its value, you’d type

scregedit /ar /v

which would (after some boilerplate information) net you a response of

System\CurrentControlSet\Control\Terminal Server fDenyTSConnections View registry setting 1

By the way, Scregedit is actually a script. Located in the Windows\System32 folder, its name is scregedit.wsf. Therefore, it will offer better-looking output if you first type

cscript //h:cscript

which tells Windows to run scripts by default under the CScript (i.e., command-line script) engine rather than the default WScript (i.e., Windows script) engine.

More Options
As I write this column, Scregedit has just seven options. The /cli option offers some text with examples of the commandline way to do a number of command-line tasks—a sort of condensed Help file. You can use Scregedit /au 4 to have Server Core automatically download and install updates, Scregedit /cs to have Remote Desktop allow connections from pre–Windows Vista Remote Desktop clients, Scregedit /im 1 to permit remote IPsec management, and Scregedit /dp priority and Scregedit dw priority to adjust the DNS priority and weight, respectively, of a Server Core system’s SRV records (assuming it’s a domain controller—DC). I wouldn’t be surprised if Microsoft gave Scregedit a few more options before Server 2008 hits the streets.

If you can get ahold of a copy of the Server 2008 beta, I encourage you to take Server Core for a spin.

Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.